Skip to content
Log in

Policy hierarchy

Definition

The layered document set that translates governance intent into operational requirements. Tiers typically run: information security policy, topic-specific policies, standards, procedures, and guidelines. Each tier must be consistent with and traceable to the tier above.

Related terms

CISO (Chief Information Security Officer)
The senior executive responsible for developing and maintaining the information security programme. The CISO reports to the board or a board committee...
Governance, Risk, and Compliance (GRC)
An integrated discipline that combines governance structures, risk management processes, and compliance monitoring into a unified programme. GRC platforms and frameworks allow...
Risk appetite
The amount and type of risk an organisation is willing to accept in pursuit of its objectives, as defined by its governing...
Security governance
The set of structures, roles, policies, and accountability mechanisms by which an organisation directs, controls, and monitors its information security activities. Governance...
Three lines of defence
A governance model that separates security responsibility into three distinct layers: operational management that owns controls (first line), risk and compliance functions...

Explained in

  • Security Governance Frameworks OverviewThe layered document set that translates governance intent into operational requirements. Tiers typically run: information security policy, topic-specific poli...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account