When writing computer security policy, or any policy for that matter, it is important to remember that there is a hierarchy when it comes to the types of documents that make up policy. Laws & Regulations Policy Standards/Directives Procedure Guideline Laws & Regulations These are the compulsory rules, with sanctions, declared by the government for all citizens. Here in Canada, the laws are passed by elected members of parliament. In the United States, laws are passed by elected members of Congress, and then ratified by the Senate. The president signs the law into being. Policy A policy is "a high level statement of enterprise beliefs, goals, and objectives and the general means of attainment" (Peltier). Another way to look at it is that "policy is the articulation of the intentions of management". (Fites/Kratz) It's a course of action or a principle taken by a group of individuals used to govern themselves. Standards Standards could be def...