There are several differences between a policy, a standard, and a guideline. Policies are typically a statement produced by senior management relating to the protection of information. It outlines security roles and responsibilities. It also describes the controls that are set in place to protect pertinent information. Each policy should make some form of reference to the standards and guidelines that support it. Standards are typically low level controls that help enforce and support these policies. They help ensure consistency and usually contain controls relating to software or hardware. Guidelines usually consist of recommended, but non-mandatory controls. The purpose of these controls is to help support standards or to serve as a reference when no applicable standards are in place. They are not typically …show more content…
These are (Virtual Private Network) VPN Policy, Password Policy and Acceptable Use Policy. Acceptable Use Policy is a policy that outlines the acceptable use of computer equipment. This policy is in place to protect employees in regards to inappropriate use. Any case of inappropriate use can expose the network to several risks, including viruses. Passwords are the frontline of protection of user accounts. Password policies are in place for a variety of reasons. These policies are to establish a standard for strong password creation, the protection of the passwords, and the frequency at which it is changed. The Virtual Private Network (VPN) extends a private network across a public network like the internet. It enables users to send and receive data across shared or public networks. This is done as if they were directly connected to the private network. VPN policies are in place to ensure that unauthorized users are not allowed access to company internal networks. It is usually the responsibility of employees with VPN privileges to ensure that unauthorized users are not allowed access to the internal