quartz/content/notes/14-policies-standards-practices.md
2022-09-21 12:39:30 +12:00

title: 14-policies-standards-practices
tags: comp210, lecture

news

  • apple security flaw for iphones, ipads and macs
  • chrome patch for actively exploited zero day
  • github blighted by researcher who created thousands of malicious projects
  • russian cyber attacks on lockheed martin
    • armed forces hack into HIMARS

Policies

Defn: a plan or course of action to influence and determine decisions

  • high level rules regarding operations of organisation
  • policies state the management intent and will
  • governments, businesses, political parties, universities etc

provide roadmap for day-to-day operations

  • organisation internal law
    • also comply with actual law
  • important for resolution of legal disputes
    • provide accountability
    • can protect org and employees
  • ensure consistency
    • don't often change or deteriorate when staff changes
  • evidence of quality control, internal audits etc

good policies are

  • disseminated
  • read
  • understood
  • agreed-to
  • uniformly enforced

Procedures

Defn: step by step descriptions of what employees must do to achieve a certain goal (as specified by a policy)

  • must be kept separate from policies
  • keeping them together will create a complex document that will (likely) not be read

policy and procedure p