一個很好的例子,說明信息安全方針、標準、指導方針、流程的關係:
A corporation’s security
policy indicates that confidential information should be properly protected. It states
the issue in very broad and general terms. A supporting standard mandates that all
customer information held in databases must be encrypted with the Advanced Encryption
Standard (AES) algorithm while it is stored and that it cannot be transmitted over
the Internet unless IPSec encryption technology is used. The standard indicates what
type of protection is required and provides another level of granularity and explanation.
The supporting procedures explain exactly how to implement the AES and IPSec
technologies, and the guidelines cover how to handle cases when data is accidentally
corrupted or compromised during transmission. All of these work together to provide
a company with a security structure.
policy indicates that confidential information should be properly protected. It states
the issue in very broad and general terms. A supporting standard mandates that all
customer information held in databases must be encrypted with the Advanced Encryption
Standard (AES) algorithm while it is stored and that it cannot be transmitted over
the Internet unless IPSec encryption technology is used. The standard indicates what
type of protection is required and provides another level of granularity and explanation.
The supporting procedures explain exactly how to implement the AES and IPSec
technologies, and the guidelines cover how to handle cases when data is accidentally
corrupted or compromised during transmission. All of these work together to provide
a company with a security structure.