Guidelines give advice. They are not mandatory—they are just
suggestions on how to follow the policy. Guidelines are meant to make life
easier for the end user, as well as for the security manager who wrote the policy, because they help
people understand how to meet the goals set by the security policy.
Security Guideline Example
In this example, the password complexity rules of the
password policy are translated into a set of easy-to-follow suggestions. There
may be other ways to select a password to be compliant with the policy, but
these guidelines are intended to simplify the process for the end users while
at the same time allowing them to make strong passwords. Notice that unlike
standards and procedures, the material is easy for everyone to read and
understand.
No comments:
Post a Comment