Security policies frameworks can be large and complex, with significant impacts to the organization. Implementation requires strong management support and good planning. There are many individual tasks and issues to resolve along the way. Maintaining a clear line of communication with the executives who demonstrate support for and, ideally, personal commitment to the implementation is important.
1. What are the differences between a policy, a standard, and a practice?
2. What are the three types of security policies? Where would each be used?
3. What type of policy would be needed to guide use of the Web? E-mail? Office equipment for personal use?