Keeping information security policies separate from procedures helps maintain clarity and prevent conflicts between different types of documents. Policies provide high-level guidance and direction, outlining overarching principles and objectives, while procedures offer detailed steps and actions to implement those policies. Separating the two allows for better organization, clarity, and the ability to update or revise procedures without necessarily impacting the underlying policy framework. It ensures that each type of document serves its specific purpose without introducing confusion or contradictions.
Security policy statements should be general and not cite specific devices, technolo-
gies, algorithms, or configurations. Policy statements should state what is to be done
(or not done) but not how. This way, security policies will be durable and will need to
be changed infrequently. On the other hand, security standards and procedures may
change more frequently as practices, techniques, and technologies change
The best reason to keep information security policies separate from procedures is to ensure that individual documents do not contain conflicting information.
Information security policies and procedures serve different purposes within an organization's information security program. Policies are high-level statements that outline the organization's intentions, direction, and requirements regarding information security. They provide overarching guidance and principles that shape the organization's approach to information security.
Procedures, on the other hand, are detailed instructions and step-by-step processes that describe how specific tasks or activities should be performed. They provide specific guidance on how to implement the requirements outlined in the policies.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
MSKid
Highly Voted 1 year, 4 months agoZiggybooboo
1 year, 4 months agoViperhunter
Most Recent 3 months, 3 weeks agosphenixfire
6 months, 1 week agodrewl25
8 months agoNillanash
8 months, 2 weeks agorichck102
9 months, 3 weeks agoAntonivs
1 year, 1 month ago