Recommended operational policies

Information security policies can be broken down into three categories:

• Technical controls: The security controls (that is, safeguards or countermeasures) for an information system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software, or firmware components of the system
• Management controls: The security controls (that is, safeguards or countermeasures) for an information system that focuses on the management of risk and the management of information system security
• Operational controls: The security controls (that is, safeguards or countermeasures) for an information system that primarily are implemented and executed by people (as opposed to systems)

More information on information security policies is as follows: