The term "standard" is sometimes used within the context of information security policies to distinguish between written policies, standards and procedures. Organizations should maintain all three levels of documentation to help secure their environment. Information security policies are high-level statements or rules about protecting people or systems. (For example, a policy would state that "Company X will maintain secure passwords.") A "standard" is a low-level prescription for the various ways the company will enforce the given policy. (For example, "Passwords will be at least 8 characters, and require at least one number.") A "procedure" can describe a step-by-step method for implementing various standards. (For example, "Company X will enable password length controls on all production Windows systems.")
This use of the term "standard" differs from the use of the term as it relates to information security and privacy frameworks, such as ISO 17799 or COBIT.