Definitions
Computer security
“[o]rganizational-level rules governing acceptable use of computing resources, security practices, and operational procedures.”
General
A policy is
“a formal document describing roles, responsibilities, standards, and enforcement mechanisms with regard to a particular issue.”
“[t]he principles and values that guide the performance of a duty. A policy is not a statement of what must be done in a particular situation. Rather, it is a statement of guiding principles that should be followed in activities that are directed toward the attainment of goals.”
“a high level, strategic statement, authorized by the executive management that dictates what type of position the organization has taken on specific issues.”
“[t]he set of authoritative directives related to a topic including statute, regulation, executive directions, and applicable managerial decisions, both foreign and domestic.”
“[g]uidance that is directive or instructive, stating what is to be accomplished. It reflects a conscious choice to pursue certain avenues, and not others. Policies may change due to changes in national leadership, political considerations, or for fiscal reasons.”
“[s]tatements, rules or assertions that specify the correct or expected behavior of an entity. For example, an authorization policy might specify the correct access control rules for a software component.”
References
- NIST Special Publication 800-18, at 33.
- Information Technology Security Handbook, Annex 1, Glossary.
- Information Security Guide 2 - Glossary.
- U.S. Department of Justice, Minimum Criminal Intelligence Training Standards for Law Enforcement and Other Criminal Justice Agencies in the United States 43 (Ver. 2) (Oct. 2007).
- Newfoundland-Labrador, Office of the Chief Information Officer, Information Management and Information Protection Glossary of Terms.
- NSTAC Report to the President on Cloud Computing, at C-4.
- Air Force Supplement to the Department of Defense Dictionary of Military and Associated Terms, at 51.
- NISTIR 7621 Rev. 1, at A-3.
See also
- Acceptable Use Policy
- Capstone Policies
- Competition policy
- Cybersecurity policy
- Dig once policy
- Foreign policy
- Industrial policy
- Information policy
- Issue-specific policy
- Policies and procedures
- Program policy
- Public policy
- Security policy
- Spectrum policy
- System-specific policy
- Technology policy
- Telecommunications policy