InfoSec Policies and Standards Overview
Policies and Standards |
![]() |
The policies and standards were divided into a framework of five basic areas:
-
General
Basic responsibilities, business continuity and disaster recovery, intellectual property, exceptions, sanctions and incidents. -
Accounts and Usage
User accounts, acceptable use and passwords. -
Computing Devices
Workstations, servers and other computing devices, protection from malicious software, backup and retention of data as well as inventory, tracking, redeployment and discarding of computing devices or media. -
Network Services
Network service and web sites. -
Data Centers and Facilities
Data facility security.
The charts below illustrate the framework at both the policy level and the standards level.
Policy Map:
Policy and Standards Map:
[Next]


