Difference between security policy and security method?

What's the difference? Are they the same? Context is I am studying an information systems subject.
Comments
-
JDMurray Admin Posts: 13,113 Admin
A "policy" is a high-level directive that specifies what should be performed, such as "All enterprise passwords shall conform to an industry standard complexity method and be periodically changed." A security method would describe how to implement that policy, such as "All enterprise-compliant authentication must use the password recommendations specified in NIST SP800-63-3: Digital Identity Guidelines."
-
shivajikobardan Member Posts: 20
JDMurray said: A "policy" is a high-level directive that specifies what should be performed, such as "All enterprise passwords shall conform to an industry standard complexity method and be periodically changed." A security method would describe how to implement that policy, such as "All enterprise-compliant authentication must use the password recommendations specified in NIST SP800-63-3: Digital Identity Guidelines."
I didn't find further information in Google. What should I search this by?
-
JDMurray Admin Posts: 13,113 Admin
I would suggest reading through training materials for InfoSec certifications, such as Security+ and CISSP. YouTube is a good and free source of this material.