Security Guidelines
Guidelines give advice. They are not mandatory—they are just suggestions on how
to follow the policy. Guidelines are meant to make life easier for the end user,
as well as for the security manager who wrote the policy, because they help
people understand how to meet the goals set by the security policy.
Security Guideline Example
In this example, the password complexity rules of the password policy are
translated into a set of
easy-to-follow suggestions. There may be other ways to select a password to be
compliant with the policy, but these guidelines are intended to simplify the
process for the end users while at the same time allowing them to make strong
passwords. Notice that unlike standards and procedures, the material is easy
for everyone to read and understand.
Ongoing Maintenance
The security policies, standards,
procedures, and guidelines are living documents. That means they are not
written once and left unchanged for years. These documents should be regularly
updated in response to changing business conditions, technologies, customer
requirements, and so on. Some form of document version control technology may
be helpful in managing this lifecycle process.
In order to communicate the security documents, it is best to keep them online
or in a place where the various audiences will be able to review and understand
changes as they are approved and implemented. Some organizations use an intranet
web site to present their security documents, so employees can easily reference
them throughout the workday.