ABSTRACT

This chapter addresses the specific elements of information security procedures and standards that are unique. The formal language of information security policies may be dropped from these more detailed documents. Information security procedures and standards are not formal policy documents that need to stick with legal terms and standard templates; they are more instructional and detailed documents that provide guidance, variable settings, examples, and step-by-step instructions. Information security standards and guidelines are a refinement of security requirements in the information security policies that address selected methods, techniques, and devices. Information security standards are developed to provide greater explanation or specificity for information security policy-level statements. There are a great many approaches to performing an information security risk assessment. Information security procedures are instructions for the accomplishment of a process. The creation of information security procedures is rather tedious but straightforward.