Home > Ask the Security Experts > Questions & Answers > Standards vs. policies
Ask The Security Expert: Questions & Answers
EMAIL THIS

Standards vs. policies

Mandy Andress EXPERT RESPONSE FROM: Mandy Andress

Pose a Question
Other Security Categories
Meet all Security Experts
Become an Expert for this site
>
QUESTION POSED ON: 07 June 2002

As part of a security team, we have developed a suite of information security policies for the corporation. We are now in process of developing standards for some of our platforms. What is the real difference between policies and standards, and how detailed should standards be? Are you able to provide any examples?

>

The three main terms I see in policy development are policies, standards and procedures. To me, policies are the very high level statements that govern an organization. An example policy might be that all users must maintain strong, unique passwords for their system accounts. A corresponding standard for this policy could be that all passwords must be at least eight characters long and contain a combination of upper and lowercase letters, numbers and symbols. Procedures are the detailed steps showing how to implement the stated policy. This should be very detailed, providing exact command line syntax or screenshots showing how to implement this policy.

For more information on this topic, visit these other SearchSecurity resources:
Ask the Expert: Differentiating between policies, standards, procedures and technical controls
Best Web Links: Law, Public Policy and Standards
Best Web Links: Security Policy and Infrastructure

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice



Find Security Solutions for Your Business
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts