Security Policies, Guidance, and Procedures Review

The details of how security controls should be implemented are usually described in organization-specific policies, standards, and procedures (Phase 3 in Figure 3). These define a baseline of security practices. Specifically, they describe security control objectives and techniques that should lead to accomplishing security performance goals and objectives.

These documents should be examined during initial development. They should also be examined in future metrics development, when the initial list of metrics is exhausted and other metrics need to replace them. The applicable documents should be reviewed to identify prescribed practices, relevant targets of performance, and detailed security controls for system operations and maintenance.
