What are policies, standards, and guidelines?The Information Security Office (ISO) develops, maintains, and audits a series of documents that aim to improve the overall information security strategy for the Institute. These collection of documents guide the development and implementation of all tools, training and information security processes for the Institute.
A policy is a high-level document that serves as the baseline requirement to address an information security risk or principle. These documents provide the purpose, scope, roles and responsibilities, and policy rules that describe the Institute's position on a particular subject. For Wentworth, these high-level governing rules are aggregated into a single document known as the Written Information Security Program.
A standard serves as the document that describes and details how the policy will be enacted. These standards provide the specific requirements for the controls put in place. There can be multiple standards to address each policy requirement in the WISP, and are more dynamic as the information resources, technology, regulations, and use of these resources change. The ISO has adapted the Critical Security Controls developed by the Council on CyberSecurity and available on the CSC page.
A guide provides those that use or maintain the information resources a practical document for implementing a control or process implementation based on the standards document. These documents are the most dynamic and are continually updated to ensure best practices are used in the implementation of a standard.
Information Security Policies
DTS Policies, Standards, and Guidelines are available at the DTS Policies page.