Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our security documents module. There are several types of security documents that you may use in your organization including policies, standards, guidelines and procedures. Security policies are the top tier of security documentation in your organization. They generally provide broad outlines of your security practices and goals and they are strategic documents.
There are several different categories of security policies Including informative policies, regulatory policies, and the most common, advisory policies. There are three types of security policies, organizational, which focus on organization-wide aspects of security. Issue-specific, which focus on specific aspects of your organization like a certain service that you offer or a specific department.
And systems-specific which focus on the secure handling of specific types of systems, or individual systems. For the CISSP examination you should remember that security policies are mandatory and must be followed. Standards are the next level of documents in your organization. They specify courses of action or responses to different situations in your organization.
Standards are tactical in that they serve as specifications for how to implement policies. Standards are designed to promote Implementing your high level organizational policies, rather than creating new policies. They can be used to measure compliance with your policies. And just like security policies, standards are mandatory and must be followed.
Baselines are a type of standard that define the minimum level of security required throughout your organization. These are usually based on industry or government standards, and are often platform specific. You should be familiar with baselines for the CISSB examination. Guidelines are general statements that can recommend a specific approach to how you can implement a policy standard or baseline.
They will not specify controls or configuration settings and they are flexible and can be customized. These are just recommendations to consider when implementing your security controls and they are not mandatory. You should remember for the CISSP examination that guidelines are the only type of document that are considered to be not mandatory as they are just suggestions.
Procedures will very specifically detail how your policies, baselines, standards and guidelines will be implemented in a certain situation. They will ensure that the integrity of your business process is maintained and they could focus on an entire system or just a single component of that system. You need to make sure that your procedures are updated when you have technology changes, and procedures are mandatory and are required to be followed, and you should remember that for the CISSP examination. An example of a procedure could be a new user set-up policy, which details how to create an user account for a new employee and how to assign rights and privileges to that employee based on their job role or their specific needs. This concludes our security documents module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!