What is the difference between a security policy, a security standard, and a security procedure?

Question

Cybersecurity Fundamentals — Hard

What is the difference between a security policy, a security standard, and a security procedure?

Accepted Answer

A security policy outlines management goals, a standard details mandatory controls, and a procedure provides implementation steps. This distinction ensures that security measures are effectively planned, implemented, and followed.