Policy is not a place to put detailed information. it is a place to state how management feel about the importance of security in the orgazation, and who should execute further security practices.
Procedure is a detailed step by step on how to do things. Guidelines is a generic approach of a specific issue. Password Policy is likely to be correctly termed as Password guidelines or procedure depending on their level of details. >OK, the part about protecting/changing passwords is a given, but I wonder >about your comment that "password structure is too detailed..." Regards, Leonard Ong, CISSP, CSS-1, CCSE, MCSE, MCDBA, CCNP, CCDP, NSA, LCP Network Security Specialist, APAC NOKIA Email. [EMAIL PROTECTED] Mobile. +65 9431 6184 Phone. +65 6723 1724 Fax. +65 6723 1596 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=52336&t=52061 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]