University of Cincinnati - UCit   University of Cincinnati - Home
 
 

Standards & Guidelines, Law & Policies - Definitions

When discussions are held in this area, it is not unusual for there to be confusion over the relevant terms. The following defines the difference between Policies, Procedures, Guidelines, Standards, Principles, Best Practices and Frameworks.

  • Law
    Federal and State requirements to which the University is bound and which may include civil and criminal penalties. No policy may legally be passed that contradicts the law.
  • Policy
    Policies are senior management's directives to create an Information Security program, establish the goals of that program, and assign responsibilities.
    Policies contain the following information:
    • Identify general areas of risk
    • State generally how to address the risk
    • Provide a basis for verifying compliance through audits
    • Outline implementation and enforcement plans
    • Balance protection with productivity
    Policies are of three (3) types:
    • Program policies address overall IT security goals and typically apply to all IT resources within an institution.
    • System-specific policies address the IT security issues and goals of a particular system.
    • Issue-specific policies address particular IT security issues, such as Internet access, installation of unauthorized software or equipment, and sending/receiving e-mail attachments.
  • Procedure
    A course of action or series of steps to implement and enforce policies.
  • Guideline
    An indication of the scope and direction of policies and procedures.
    Guidelines contain the following information:
    • Identify best practices to facilitate compliance
    • Provide additional background or other relevant information
  • Standard
    Standards contain the following information:
    • Define minimum requirements designed to address certain risks
    • Define specific requirements that ensure compliance with policies
    • Provide a basis for verifying compliance through audits
    • Outline implementation and enforcement plans
    • Balance protection with productivity
  • Best Practice
    A process or practice that is known to produce optimal results in a similar environment.
  • Framework
    A structure to facilitate the development of plans, policies and other documents.
 