Difference between security policy and security method?
shivajikobardan
Member Posts: 20
What's the difference? Are they the same? Context: I am studying an information system subject.
Comments
-
JDMurray Admin Posts: 13,099
A "policy" is a high-level directive that specifies what should be performed, such as "All enterprise passwords shall conform to an industry standard complexity method and be periodically changed." A security method would describe how to implement that policy, such as "All enterprise-compliant authentication must use the password recommendations specified in NIST SP800-63-3: Digital Identity Guidelines."
-
shivajikobardan Member Posts: 20
JDMurray said: A "policy" is a high-level directive that specifies what should be performed, such as "All enterprise passwords shall conform to an industry standard complexity method and be periodically changed." A security method would describe how to implement that policy, such as "All enterprise-compliant authentication must use the password recommendations specified in NIST SP800-63-3: Digital Identity Guidelines."
I didn't find further information in Google. What should I search this by?
-
JDMurray Admin Posts: 13,099
I would suggest reading through training materials for InfoSec certifications, such as Security+ and CISSP. YouTube is a good and free source of this material.