Tue Mar 10 20:43:03 PDT 2015

Management: Procedures: What procedures are implemented and how?


Procedures cover [all / most / some] of the activities by which [policies are implemented / protection activities are carried out / user activities are carried out], are defined and implemented in [writing / a workflow system / checklists / ad-hoc methods / a fully automated system], and are [carried out only by authorized parties / documented as carried out / tracked / audited / measured / optimized (specify against what criteria) / adapted over time]


Procedures are the sequences of steps and conditionals associated with enacting the mandates of policies and related activities. While ideally there are procedures for everything, the cost of specifying them may exceed the value they bring, especially for immature low consequence situations. As maturity and consequences increase, more and more of the activities by which policies are implemented, protection activities are carried out, and user activities are carried out are defined, automated, documented, tracked, audited, measured, optimized, and adapted over time.

Copyright(c) Fred Cohen, 1988-2013 - All Rights Reserved

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>