Editing Policy

== Definitions ==

=== Computer security ===

'''Policy''' is 

{{Quote|senior management's directives to create a [[computer security]] program, establish its goals, and assign responsibilities. The term policy is also used to refer to specific [[security]] rules for particular [[system]]s. Additionally, policy may refer to entirely different matters, such as the specific managerial decisions setting and organization's [[e-mail privacy]] policy or [[fax]] [[security]] policy.<ref>[[NIST Special Publication 800-18]], at 33.</ref>}}

{{Quote|[o]rganizational-level rules governing acceptable use of [[computing resources]], [[security]] practices, and [[operational]] [[procedure]]s.<ref>[[Information Technology Security Handbook]], Annex 1, Glossary.</ref>}}

=== General ===

A '''policy''' is 

{{Quote|a formal [[document]] describing roles, responsibilities, [[standard]]s, and enforcement mechanisms with regard to a particular issue.<ref>[https://wiki.internet2.edu/confluence/display/itsg2/Glossary Information Security Guide 2 - Glossary.]</ref>}}

{{Quote|[t]he principles and values that guide the performance of a duty. A policy is not a statement of what must be done in a particular situation. Rather, it is a statement of guiding principles that should be followed in activities that are directed toward the attainment of goals.<ref>[[U.S. Department of Justice]], Minimum Criminal Intelligence Training Standards for Law Enforcement and Other Criminal Justice Agencies in the United States 43 (Ver. 2) (Oct. 2007) ([http://www.iir.com/Information_Sharing/global/resource/products/minimum_criminal_intel_training_standards.pdf full-text]).</ref>}}

{{Quote|a high level, strategic statement, authorized by the executive management that dictates what type of position the organization has taken on specific issues.<ref>Newfoundland-Labrador, [[Office of the Chief Information Officer]], Information Management and Information Protection Glossary of Terms ([http://www.ocio.gov.nl.ca/ocio/im/glossary.html#Policy full-text]).</ref>}}

{{Quote|[t]he set of authoritative directives related to a topic including [[statute]], [[regulation]], executive directions, and applicable managerial decisions, both foreign and domestic.<ref>[[NSTAC Report to the President on Cloud Computing]], at C-4.</ref>}}

{{Quote|[[guidance|[g]uidance]] that is directive or instructive, stating what is to be accomplished. It reflects a conscious choice to pursue certain avenues, and not others. Policies may change due to changes in national leadership, political considerations, or for fiscal reasons.<ref>[[Air Force Supplement to the Department of Defense Dictionary of Military and Associated Terms]], at 51.</ref>}}

== References ==
<references />

== See also ==

<div style="column-count:2;-moz-column-count:2;">

* [[Acceptable Use Policy]]
* [[Capstone Policies]]
* [[Competition policy]]
* [[Cybersecurity policy]]
* [[Dig once policy]]
* [[Foreign policy]]
* [[Industrial policy]]
* [[Information policy]]
* [[Issue-specific policy]]
* [[Policies and procedures]]
* [[Privacy policy]]
* [[Program policy]]
* [[Public policy]]
* [[Security policy]]
* [[Spectrum policy]]
* [[System-specific policy]]
* [[Technology policy]]
* [[Telecommunications policy]]

</div>
[[Category:Miscellaneous]]
[[Category:Definition]]