The IT Law Wiki
Policy
== Definitions ==

=== Computer security ===

'''Policy''' is

{{Quote|senior management's directives to create a [[computer security]] program, establish its goals, and assign responsibilities. The term policy is also used to refer to specific [[security]] rules for particular [[system]]s. Additionally, policy may refer to entirely different matters, such as the specific managerial decisions setting an organization's [[e-mail privacy]] policy or [[fax]] [[security]] policy.<ref>[[NIST Special Publication 800-18]], at 33.</ref>}}

{{Quote|[o]rganizational-level rules governing acceptable use of [[computing resources]], [[security]] practices, and [[operational]] [[procedure]]s.<ref>[[Information Technology Security Handbook]], Annex 1, Glossary.</ref>}}

=== General ===

A '''policy''' is

{{Quote|a formal [[document]] describing roles, responsibilities, [[standard]]s, and enforcement mechanisms with regard to a particular issue.<ref>[https://wiki.internet2.edu/confluence/display/itsg2/Glossary Information Security Guide 2 - Glossary.]</ref>}}

{{Quote|[t]he principles and values that guide the performance of a duty. A policy is not a statement of what must be done in a particular situation. Rather, it is a statement of guiding principles that should be followed in activities that are directed toward the attainment of goals.<ref>[[U.S. Department of Justice]], Minimum Criminal Intelligence Training Standards for Law Enforcement and Other Criminal Justice Agencies in the United States 43 (Ver. 2) (Oct. 2007) ([http://www.iir.com/Information_Sharing/global/resource/products/minimum_criminal_intel_training_standards.pdf full-text]).</ref>}}

{{Quote|a high level, strategic statement, authorized by the executive management that dictates what type of position the organization has taken on specific issues.<ref>Newfoundland-Labrador, [[Office of the Chief Information Officer]], Information Management and Information Protection Glossary of Terms ([http://www.ocio.gov.nl.ca/ocio/im/glossary.html#Policy full-text]).</ref>}}

{{Quote|[t]he set of authoritative directives related to a topic including [[statute]], [[regulation]], executive directions, and applicable managerial decisions, both foreign and domestic.<ref>[[NSTAC Report to the President on Cloud Computing]], at C-4.</ref>}}

{{Quote|[[guidance|[g]uidance]] that is directive or instructive, stating what is to be accomplished. It reflects a conscious choice to pursue certain avenues, and not others. Policies may change due to changes in national leadership, political considerations, or for fiscal reasons.<ref>[[Air Force Supplement to the Department of Defense Dictionary of Military and Associated Terms]], at 51.</ref>}}

{{Quote|[s]tatements, rules or assertions that specify the correct or expected behavior of an entity. For example, an [[authorization policy]] might specify the correct [[access control]] rules for a [[software]] [[component]].<ref>[[NISTIR 7621 Rev. 1]], at A-3.</ref>}}
Please note that all contributions to The IT Law Wiki are considered to be released under the CC-BY-SA