Hey everyone, so today we have a bit of GRC in the building. During my internship studying the NIST framework, I would run across these words a lot, and at first I didn't have an understanding of what they meant, so here I am to break them down quite simply for you today. Will try to keep this a TLDR haha.
Processes - list the steps that specify what the next course of action would be
Guidelines - recommendations given to the applications or network
Policies - criteria for security objectives
That's pretty much about it lads. Those are the clear-cut simplest ways to differentiate them.