Watch this video on YouTube
What is the most compelling justification for maintaining a distinction between information security policies and procedures?