(8) Standards And Procedures Flashcards
What are technology standards within a corporate environment?
Standards are mandatory requirements describing how an organization will carry out its information security policies
What are the three things that policies, standards, and guidelines set out to do
Policies set out high level objectives of the security program and requires adherence with standards (which lay out required security controls).
Guidelines give advice to orgs that are trying to comply with policies and standards
We know what procedures are, but what do they do?
Procedures make sure that consistent processes are followed to help meet a security objective
What are monitoring procedures?
Monitoring procedures lay out how the org will conduct security monitoring, including the use of monitoring technology
What are evidence production procedures?
Evidence production procedures lay out how the org will respond to legal summons to provide digital evidence
What are patching procedures?
Patching procedures are such that describe how often the process of applying patches to apps and systems occur
