- Published: September 15, 2022
- Updated: September 15, 2022
- University / College: University of Leeds
- Level: Masters
- Language: English
- Downloads: 42
Topic: Information Security Management Framework Security Policies, Standards and Guidelines So that information can be protected, organizations and businesses are supposed to execute regulations and controls concerned with safeguarding of information as well as the systems used for the storage and processing the information. This is typically achieved through executing information security policies along with standard and guidelines. In this context, security policies are usually written documents, which are supposed to lay out the precise requirements or rubrics that must be adhered to by the employees. It is an overall description of the permissible and impermissible conducts of the employees in the workplace concerning how information is handled. In regards to the security of information and networks, policies typically cover a single aspect such as the acceptable utilization of computing facilities in a learning institution (Singh, 2007).
On the other hand, standards are thorough and comprehensive statements of the aspects that members of an organization are supposed to participate in in order to abide by the set policies. They may exist in the form of requirements specific to systems or procedures, which are supposed to be adhered to by everyone. For instance, the employees may wish to use their personal mobile devices in the workplace; in this case, the standards set for the connection of the mobile devices to the network run by the organization must be adhered to precisely (Laet & Schauwers, 2005). Additionally, guidelines are literally groups of system or procedural specific recommendations that govern nest practices but are not must-follow controls. Nevertheless, reference to standards and guidelines is seen as an efficient and effective aspect of a good security policy. All the documents listed have varying target audiences in a company and thus they are not supposed to be combined into a single document. Rather, there should be a number of documents, which will collectively develop the concept of an information security policy framework thereby making the security policy the most important document overall.
References
Laet, G., & Schauwers, G. (2005). Network security fundamentals. Indianapolis, Ind.: Cisco.
Singh, B. (2007). Network security and management. New Delhi: Prentice-Hall of India.
