Information security standards
- Information security standards
The term "standard" is sometimes used within the context of information security policies to distinguish between written policies, standards and procedures. Organizations should maintain all three levels of documentation to help secure their environment. Information security policies are high-level statements or rules about protecting people or systems. (For example, a policy would state that "Company X will maintain secure passwords") A "standard" is a low-level prescription for the various ways the company will enforce the given policy. (For example, "Passwords will be at least 8 characters, and require at least one number.") A "procedure" can describe a step-by-step method to implementing various standards. (For example, "Company X will enable password length controls on all production Windows systems.")
This use of the term "standard" differs from use of the term as it relates to information security and privacy frameworks, such as ISO 17799 or COBIT.
Wikimedia Foundation.
2010.
Look at other dictionaries:
Information security — Components: or qualities, i.e., Confidentiality, Integrity and Availability (CIA). Information Systems are decomposed in three main portions, hardware, software and communications with the purpose to identify and apply information security… … Wikipedia
Information security policies — are a special type of documented business rule for protecting information and the systems which store and process the information. Information security policies are usually documented in one or more information security policy documents. Within… … Wikipedia
Information security professionalism — is the set of knowledge that people working in Information security and similar fields (Information Assurance and Computer security) should have and eventually demonstrate through certifications from well respected organizations. It also… … Wikipedia
Information Security Management — Information security (ISec) describes activities that relate to the protection of information and information infrastructure assets against the risks of loss, misuse, disclosure or damage. Information security management (ISM) are controls that… … Wikipedia
Information Security Automation Program — The Information Security Automation Program (ISAP, pronounced “I Sap”) is a U.S. government multi agency initiative to enable automation and standardization of technical security operations. While a U.S. government initiative, its standards based … Wikipedia
Information security management system — An Information Security Management System (ISMS) is, as the name suggests, a set of policies concerned with information security management. The idiom arises primarily out of ISO/IEC 27001.The key concept of ISMS is for an organization to design … Wikipedia
Information security audit — An information security audit is an audit on the level of information security in an organization. Within the broad scope of auditing information security there are multiple type of audits, multiple objectives for different audits, etc. Most… … Wikipedia
Cyber security standards — are security standards which enable organizations to practice safe security techniques to minimize the number of successful cyber security attacks. These guides provide general outlines as well as specific techniques for implementing cyber… … Wikipedia
Security controls — are safeguards or countermeasures to avoid, counteract or minimize security risks. To help review or design security controls, they can be classified by several criteria, for example according to the time that they act, relative to a security… … Wikipedia
Federal Information Security Management Act of 2002 — The Federal Information Security Management Act of 2002 ( FISMA , usc|44|3541, et seq. ) is a United States federal law enacted in 2002 as Title III of the E Government Act of 2002 (USPL|107|347, USStat|116|2899). The act was meant to bolster… … Wikipedia
