difference between security policy and security method?

shivajikobardanshivajikobardan Member Posts: 20 ■■□□□□□□□□
what's the difference? are they same? context is I am studying information system subject.

Comments

  • JDMurrayJDMurray Admin Posts: 13,099 Admin
    A "policy" is a high-level directive that specifies what should be performed, such as "All enterprise passwords shall conform to an industry standard complexity method and be periodically changed."
    A security method would describe how to implement that policy, such as "All enterprise-compliant authentication must use the password recommendations specified in NIST SP800-63-3: Digital Identity Guidelines."

  • shivajikobardanshivajikobardan Member Posts: 20 ■■□□□□□□□□
    edited March 2022
    JDMurray said:
    A "policy" is a high-level directive that specifies what should be performed, such as "All enterprise passwords shall conform to an industry standard complexity method and be periodically changed."
    A security method would describe how to implement that policy, such as "All enterprise-compliant authentication must use the password recommendations specified in NIST SP800-63-3: Digital Identity Guidelines."

    makes sense. thank you.

    i didn't find further information in google, what should i search this by?
  • JDMurrayJDMurray Admin Posts: 13,099 Admin
    I would suggest reading through training materials for InfoSec certifications, such as Security+ and CISSP. YouTube is a good and free source of this material.
Sign In or Register to comment.