Differences between policy and law

“Most organizations develop and formalize descriptions of acceptable and unacceptable employee behavior which are called policies”.

“The rules the members of society create to balance the individual’s right to self-determination with the needs of the whole are called laws”.

“The key difference between policy and law is that ignorance of policy is a viable defense,” but ignorance of law is not a viable defense. Another main difference is that policies are continuously updated and changed according to the needs of the organization, whereas changing a law is a lengthy process and requires approval.

Policies must be written so that they can be easily understood, must be readily available, must be distributed to all individuals who are expected to comply with them, and must be acknowledged by the employee. Laws, by contrast, are not easily understood, and they are not distributed to or acknowledged by individuals. Properly defined and enforced policies function within an organization the same way as laws, but they apply only to the organization's employees and not to anyone outside the organization. Law, however, applies to everyone. An organization's policies must comply with the law.

Difference between a threat and an attack

“A threat is a category of objects, persons, or other entities that represents a constant danger to an asset”.
“An attack is an act or event that exploits vulnerability”.
The main difference between a threat and an attack is that a threat can be either intentional or unintentional, whereas an attack is intentional. A threat is a circumstance that has the potential to cause loss or damage, whereas an attack is an attempt to cause damage. A threat to an information system does not mean that information was altered or damaged, but an attack on an information system means there is a chance that information will be altered, damaged, or obtained if the attack is successful.