security Governance: policies standards and procedures

Question 1

what is the characteristics of policies?

Answer 1

organization wide, high level and broad scoped
deigned for long terms (several years)

they are few in number, they’re high lvl and broad natured

Question 2

what is standard

Answer 2

rules to achieve the intent of the policy

Question 3

which one has the greater number polices or standards?

Answer 3

There’s more standards than polices

Question 4

what are procedure?

Answer 4

specific steps
train employees and ensure consistency in security related business processes

Question 5

what are guidelines

Answer 5

it ranked the same lvl as procedure.
it’s optional recommendation, which mean they are suggest best practices, but not mandatory

Question 6

why is risk important?

Answer 6

if you missed risk that i likely to materialized, your information security policy would have serious flaw.

Question 7

legal and regulatory

Answer 7

every industry has it own set of legal and regulatory compliance requirement

Question 8

enforcement

Answer 8

your policies should have a clear identify instance which are considered as violations and the penalties associated with them

Question 9

why is staff engagement important?

Answer 9

because they can help streamline the policy and they can sometimes identify issues that might have been over looked

Question 10

why is employee training important

Answer 10

you can have the best policy in the world. if you were employees are not properly trained. it is useless. which is why it’s important to have training workshop to refresh your employees knowledge.

Question 11

management support

Answer 11

if policies are written and visible, employees are more likely to follow it