Implementation Guidance
a) Distinguish between standards, guidelines and procedures. In your explanation, include when each should be used within an organization.
Procedures are the ordered steps that direct employees through a given activity within a company. A standard specifies what must be done to support a policy in the organization; standards may be drawn from the industry, from the organization's own practices, or from a combination of the two. Guidelines provide recommendations on how the requirements can be met, while procedures define how the policies, standards, and guidelines above are incorporated into daily work and implemented consistently.
Procedures are created to support the implementation of policies in an organization. They describe precisely what is used to protect the database and the network, and how users must operate the system. For example, a procedure may require users to change their passwords every 90 days.
For standards, an organization can adopt rules and recommendations that NIST has already established, such as NIST Special Publication (SP) 800-53, which catalogs security controls for federal information systems. Its password-related controls include protecting passwords from unauthorized exposure, prohibiting the display of passwords as they are entered, enforcing minimum and maximum password lifetimes, and preventing the reuse of passwords.
Guidelines, by contrast, are voluntary practices built on the policies, standards, and procedures. They can be recommendations of best practice from bodies such as NIST, ISO, and CIS. For guidelines to be easy to follow, secure procedures must already be in place (Chapple, 2018). Security teams should design them so that both technical and non-technical staff can accept them. Typical password guidelines include encrypting stored passwords, using secure communication channels, locking out users after repeated failed login attempts, requiring a password change every 90 days, setting minimum and maximum password lengths, and requiring numbers, capital letters, and special characters in passwords (Moody, 2018).
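The following is an added illustration, not part of the original essay or any cited source, of how the guideline items just listed (complexity rules, a 90-day lifetime, reuse prevention, lockout after failed attempts, and hashed rather than plaintext storage) become an enforceable procedure in code. The numeric length bounds, history depth and lockout threshold are assumed values, since the text gives none; only the 90-day lifetime comes from the page.

```python
import hashlib, hmac, os

# Assumed: length bounds, history depth, lockout threshold; 90 days is the page's value.
MIN_LEN, MAX_LEN, MAX_AGE_DAYS = 12, 64, 90
HISTORY_DEPTH, LOCKOUT_THRESHOLD = 5, 5
RULES = {
    "length": lambda pw: MIN_LEN <= len(pw) <= MAX_LEN,
    "digit": lambda pw: any(c.isdigit() for c in pw),
    "uppercase": lambda pw: any(c.isupper() for c in pw),
    "special": lambda pw: any(not c.isalnum() for c in pw),
}

def complexity_problems(pw):
    """Names of the rules a candidate password fails (empty list = compliant)."""
    return [name for name, ok in RULES.items() if not ok(pw)]

def hash_password(pw, salt=b""):
    """Salted PBKDF2-SHA256 so stored credentials are never plaintext."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class Account:
    def __init__(self, pw, changed):
        self.history = [hash_password(pw)]   # newest entry last
        self.changed, self.failures, self.locked = changed, 0, False

    def _matches(self, pw, entry):
        salt, digest = entry
        return hmac.compare_digest(hash_password(pw, salt)[1], digest)

    def login(self, pw, today):
        """Returns 'locked', 'invalid', 'expired' or 'ok'."""
        if self.locked:
            return "locked"
        if not self._matches(pw, self.history[-1]):
            self.failures += 1
            self.locked = self.failures >= LOCKOUT_THRESHOLD
            return "locked" if self.locked else "invalid"
        self.failures = 0
        return "expired" if (today - self.changed).days > MAX_AGE_DAYS else "ok"

    def change_password(self, new_pw, today):
        """Apply complexity and reuse rules; returns the list of problems found."""
        problems = complexity_problems(new_pw)
        if any(self._matches(new_pw, e) for e in self.history[-HISTORY_DEPTH:]):
            problems.append("reused")
        if not problems:
            self.history.append(hash_password(new_pw))
            self.changed = today
        return problems
```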
In conclusion, the three instruments for securing an organization must work together. Policies should be written to suit the specific organization. Users can then align their operations with standards specified by a recognized source such as NIST. Guidelines are equally fundamental in ensuring that the policies and standards remain workable for every user and that access to information stays within what the organization has allowed. Combining the three is what supports the practical and secure operation of an organization.