difference between security policy and security method?

shivajikobardanshivajikobardan Member Posts: 20 ■■□□□□□□□□
in General Certification
what's the difference? are they same? context is I am studying information system subject.

· Share on FacebookShare on Twitter

Comments

  • JDMurrayJDMurray Admin Posts: 12,905 Admin
    A "policy" is a high-level directive that specifies what should be performed, such as "All enterprise passwords shall conform to an industry standard complexity method and be periodically changed."
    A security method would describe how to implement that policy, such as "All enterprise-compliant authentication must use the password recommendations specified in NIST SP800-63-3: Digital Identity Guidelines."


    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
  • shivajikobardanshivajikobardan Member Posts: 20 ■■□□□□□□□□
    edited March 2022
    JDMurray said:
    A "policy" is a high-level directive that specifies what should be performed, such as "All enterprise passwords shall conform to an industry standard complexity method and be periodically changed."
    A security method would describe how to implement that policy, such as "All enterprise-compliant authentication must use the password recommendations specified in NIST SP800-63-3: Digital Identity Guidelines."

    makes sense. thank you.

    i didn't find further information in google, what should i search this by?
    · Share on FacebookShare on Twitter
  • JDMurrayJDMurray Admin Posts: 12,905 Admin
    I would suggest reading through training materials for InfoSec certifications, such as Security+ and CISSP. YouTube is a good and free source of this material.

    Forum Admin at www.techexams.net
    --
    LinkedIn: www.linkedin.com/in/jamesdmurray
    Twitter: www.twitter.com/jdmurray
    · Share on FacebookShare on Twitter
Sign In or Register to comment.