Lesson 3
Security Policies & Procedures
Written security rules for protecting systems, data, and devices.
Domain
Security Concepts and Practices
Concepts
11 concepts
Concept 1
Policies
Security Policies & Procedures
Written security rules for protecting systems, data, and devices.
Concept 2
Policies
High-level management rules that explain what must happen.
Concept 3
Standards
Specific mandatory rules that support policies.
Concept 4
Procedures
Step-by-step instructions for performing a task.
Concept 5
Guidelines
Recommended best practices when flexibility is acceptable.
Concept 6
Baselines
Minimum security settings or requirements systems must meet.
Concept 7
Comparison
Difference Between Policies, Standards, Procedures, Guidelines, and Baselines
A quick comparison of the main security rule and guidance types.
Concept 8
AUP
Acceptable Use Policies (AUP)
Rules for using company systems, devices, internet, and email.
Concept 9
Awareness
Security Awareness Policies
Rules for how employees learn and follow security practices.
Concept 10
Data Handling
Data Handling Procedures
Rules for managing data safely throughout its life.
Concept 11
Passwords
Password Policies
Rules for creating and managing passwords.