IT Examiner School - Oct 2023

Policy, Standards & Procedures…

• Policy : All external business communication via the Internet will provide confidentiality, integrity, and availability. • Standards : • Mandatory • Created to support the policy, while providing specific details. • Procedures : • Mandatory • Step-by-step directives on how to get the end result. • Guidelines: • Not Mandatory • Suggestive or recommended actions. • Baselines: • Mandatory • Minimum acceptable security configuration.

Policy

Standards

Procedures

Guidelines

Baselines

17

Information Security Controls

Administrative Controls support the classic management responsibilities of planning, directing, organizing, and reporting.

Technical Controls involve hardware and application or OS software.

Physical Controls protect against environmental, human, and systemic threats.

18

18