An operational policy describes what "secure" is for a system/organization or other entity. It outlines objectives for security for employees, and ensures it aligns with management strategy for securing information. This is the first step of a cyber security program, as it describes what the organization wants to achieve. It then has rules and procedures for individuals accessing and using an organizations IT assets and resources and how they are used and what consequences may exist. It broadly states in writing how a company plans to protect the companies physical and IT assets at a high-level and allows for more details in lower level documents closer to the people who actually work with the systems aimed to be protected.
In the context of policy, it has more than a single meaning. It may refer to an "Organizational Security Policy" which defines security for the organization, or managements security goals and objectives. Or it may be a document that puts security into writing, or has rules and procedures for humans in an acceptable use policy (AUP), or rules and procedures for security controls (password policy, firewall policy). There were numerous opportunities to explore the full gamut of operational policy as it relates to cyber security in the CSOL 540 course. Included in the sub-sections are a few assignments which stood out to me as impactful or meaningful in my job roles.
In the context of policy, it has more than a single meaning. It may refer to an "Organizational Security Policy" which defines security for the organization, or managements security goals and objectives. Or it may be a document that puts security into writing, or has rules and procedures for humans in an acceptable use policy (AUP), or rules and procedures for security controls (password policy, firewall policy). There were numerous opportunities to explore the full gamut of operational policy as it relates to cyber security in the CSOL 540 course. Included in the sub-sections are a few assignments which stood out to me as impactful or meaningful in my job roles.