2023 IT Examiner School
Security Policy Summary
• Business objectives drive policy
• Policy drives technology
• Increases cost-effectiveness/reduces risk
• Provides guidelines for uncertain scenarios
• Establishes consistency
• Change management
• The basis for IT Audit compliance
Policy, Standards & Procedures…
• Policy: All external business communication via the Internet will provide confidentiality, integrity, and availability.
• Standards:
  • Mandatory
  • Created to support the policy, while providing specific details.
• Procedures:
  • Mandatory
  • Step-by-step directives on how to get the end result.
• Guidelines:
  • Not Mandatory
  • Suggested or recommended actions.
• Baselines:
  • Mandatory
  • Minimum acceptable security configuration.
[Figure: Policy, Standards, Procedures, Guidelines, Baselines]