Day 6-Policy-27th March Flashcards
Different Policy type
Regulatory Advisory Informative organizational policy system specific policy issue specific policy
Regulatory Policy
A regulatory policy sees to it that the company or organization strictly follows standards that are put up by specific industry regulations. Regulatory policies usually apply to public utilities, financial institutions, and other organizations that function with public interest in mind
Advisory policy
This type of policy works by strongly advising the employees of an organization about which activities and behaviors are allowed or prohibited according to standards set by the organization. Though the tenets under this type of policy may not be mandatory in nature, there are still serious consequences that could apply when violations take place
organizational policy
This can be considered as the blueprint of the organization’s security program. It embodies the strategic plan of how the organization should implement their security procedures and guidelines for computer system, among others.
System-Specific Policy.
This type of policy deals with a particular individual computer system. Basically, it works to present the approved hardware and software for that particular computer system.
issuwmk,kkkkdkkkkkkks/d me smpecific policy
Lastly, this policy zooms in on a particular functional aspect that needs more focused attention. Considering the requirements under the policy, organizations create a separate sub-policy that specifically covers and addresses the level of security needed. Some examples are email policies, change management policies, encryption policies, access control policies, and vulnerability management policies, to name a few.
BCP corrective or preventive ?
Business continuity planning is an example of a corrective control. Corrective controls are controls that take corrective
action against threats
