Vocabulary – Policy


Dictionary defines: policy – a high-level overall plan embracing the general goals and acceptable procedures especially of a governmental body

COBIT defines: policy – Overall intention and direction as formally expressed by management

A good definition

ISO/IEC 27000 defines: policy – intentions and direction of an organization as formally expressed by its top management

A good definition almost identical to COBIT

ISACA defines: policy – 1. Generally, a document that records a high-level principle or course of action that has been decided on. 2. Overall intention and direction as formally expressed by management.

Not simple.

ESA defines: policy – A broad statement authorizing a course of action to enforce the organization’s guiding principles for a particular control domain.

Relies on specialized terms

NIST 800-53 defines: Information Security Policy – Aggregate of directives, regulations, rules, and practices that prescribes how an organization manages, protects, and distributes information.

Provides examples of policy rather than a definition, with specialized actions listed

O-TTPS defines: Framework – a set of best practices identified by a cross-industry forum which, if used by a technology vendor, may allow a government or commercial enterprise customer to consider the vendor’s products as more secure and trusted.

Verbose description rather than a definition.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s