owner, custodian, operator/user, and auditor.

                6.  The four components of a security policy are policies, standards,
                    guidelines, and procedures. Policies are broad security statements.

                    Standards are definitions of hardware and software security
                    compliance. Guidelines are used when there is not an appropriate
                    procedure. Procedures are detailed step-by-step instructions for
                    performing work tasks in a secure manner.