The Security Policy Baseline is a document that defines the client’s overall approach to information security. Where organizations express a common set of security aspirations there can be a greater degree of trust and information sharing. For this reason, the alignment of this document with industry standards, such as Sarbanes Oxley, PCI DSS and recognized best practices is essential.
Security standards for specific technologies such as servers, databases and firewalls are standards that tell support staff the configuration settings and practices that must me used to provide security that is appropriate for the business activity the technology supports. They also allow IT Auditors to quickly assess the level of compliance. Standardization means that the organization has fewer different configurations to manage. This simplifies support activities and this brings greater reliability and lower operating costs.
For sensitive security related activities such as user administration and incident management, Procedures bring consistency to the way in which these activities are performed. If they are done the right way, they bring greater system reliability