Operating Infrastructure: All businesses encompass some fundamental rules which depend on to function efficiently. In small businesses, such rules are implemented in the form of an oral representation at the time of employment of a fresh employee to the organization. Though, at medium or big companies, such rules are implemented in the form of a written document which is given to an employee at the time of employment. Comprising rules, either written or oral, is no guarantee that the organization will be given with the results predicted. This is as of trust issues and the understanding of rules. Orally communicated rules are not recommended method since they are prone to misunderstandings, and it is hard to prove violations of rules whenever a conflict takes place. Therefore, written rules are recommended technique.
Since a rule’s level of detail can differ depending on its aim, a structure organizing the different kinds of rules is the desired procedure for every organization. The common structure employed in Information Security follows:
Policies → Standards → Baselines → Guidelines → Procedures