Dictionary defines: policy – a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body
COBIT defines: policy – Overall intention and direction as formally expressed by management
A good definition.
ISO/IEC 27000 defines: policy – intentions and direction of an organization as formally expressed by its top management
A good definition, almost identical to COBIT's.
ISACA defines: policy – 1. Generally, a document that records a high-level principle or course of action that has been decided on. 2. Overall intention and direction as formally expressed by management.
ESA defines: policy – A broad statement authorizing a course of action to enforce the organization’s guiding principles for a particular control domain.
Relies on specialized terms.
NIST 800-53 defines: Information Security Policy – Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information.
Provides examples of policy rather than a definition, with specialized actions listed.
O-TTPS defines: Framework – a set of best practices identified by a cross-industry forum which, if used by a technology vendor, may allow a government or commercial enterprise customer to consider the vendor’s products as more secure and trusted.
Verbose description rather than a definition.