Assignment Problem: As a CISO, it is important to stay up to date with modern controls being decided in the cyber security community. Some of these controls could be standards, policies, and guidelines. The difference between these three ideals is key. The site ccexpert.us states that "to illustrate the relationship between policies, standards, and procedures as a pyramid. Keep in mind that standards and guidelines are interchangeable and occupy the same level in the pyramid. As you go down the pyramid, the documents get more detailed and are more subject to change. So, policies are broad and do not change often. Standards and guidelines are more detailed but more susceptible to change. Procedures are extremely detailed and may frequently change as they incorporate new standards or methods of performing the given tasks."
As a CIO/ CISO - the key is not just developing policy... but having the employees follow it.
Answer the following:
Question 1: How would you ensure that employees follow??
Question 2: How do you see this in your respective organizations??