9 Cards in this Set
| Front | Back |
|---|---|
| Regulatory | This type of policy ensures that the organization is following standards set by specific industry regulations (HIPAA, GLBA, SOX, PCI-DSS, etc.). It is very detailed and specific to a type of industry. It is used in financial institutions, healthcare facilities, public utilities, and other government-regulated industries. |
| Advisory | This type of policy strongly advises employees as to which types of behaviors and activities should and should not take place within the organization. It also outlines possible ramifications if employees do not comply with the established behaviors and activities. This policy type can be used, for example, to describe how to handle medical or financial information. |
| Informative | This type of policy informs employees of certain topics. It is not an enforceable policy, but rather one that teaches individuals about specific issues relevant to the company. It could explain how the company interacts with partners, the company’s goals and mission, and a general reporting structure in different situations. |
| security policy | High-level document that outlines senior management’s security directives |
| Standards | mandatory activities, actions, or rules that give a policy its support and reinforcement in direction |
| baseline | point in time that is used as a comparison for future changes. Used to define the minimum level of protection required. |
| Guidelines | recommended actions and operational guides to users, IT staff, operations staff, and others when a specific standard does not apply. Suggestions and best practices. |
| Procedures | detailed step-by-step tasks that should be performed to achieve a certain goal |
| Organizational (master), issue-specific, system-specific. | Policy types |