A "policy" is a high-level directive that specifies what should be performed, such as "All enterprise passwords shall conform to an industry standard complexity method and be periodically changed."
A security method would describe how to implement that policy, such as "All enterprise-compliant authentication must use the password recommendations specified in NIST SP800-63-3: Digital Identity Guidelines."
A "policy" is a high-level directive that specifies what should be performed, such as "All enterprise passwords shall conform to an industry standard complexity method and be periodically changed."
A security method would describe how to implement that policy, such as "All enterprise-compliant authentication must use the password recommendations specified in NIST SP800-63-3: Digital Identity Guidelines."
makes sense. thank you.
i didn't find further information in google, what should i search this by?
I would suggest reading through training materials for InfoSec certifications, such as Security+ and CISSP. YouTube is a good and free source of this material.
Comments
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
i didn't find further information in google, what should i search this by?
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray