Systems Security Certified Practitioner – SSCP – Question0330

Which of the following embodies all the detailed actions that personnel are required to follow?

A. Standards
B. Guidelines
C. Procedures
D. Baselines

Correct Answer: C

Explanation:

Procedures are step-by-step instructions in support of the policies, standards, guidelines and baselines. The procedure indicates how the policy will be implemented and who does what to accomplish the tasks.
Standards is incorrect. Standards are a "mandatory statement of minimum requirements that support some part of a policy"; the standards in this case are your own company's standards, not external standards such as the ISO standards.
Guidelines is incorrect. "Guidelines are discretionary or optional controls used to enable individuals to make judgments with respect to security actions."
Baselines is incorrect. Baselines "are a minimum acceptable level of security. This minimum is implemented using specific rules necessary to implement the security controls in support of the policy and standards." For example, requiring a password of at least 8 characters would be a baseline. Requiring all users to have at minimum an antivirus, a personal firewall, and an anti-spyware tool could be another example.
References:
CBK, pp. 12-16. Note especially the discussion of the "hammer policy" on pp. 16-17 for the differences between policy, standard, guideline and procedure. AIO3, pp. 88-93.