security policy

Security policy is basically what it means to be secure for a system, organization or other entity. The topic of security policy is very wide as there are many forms of it. They include computer security policy, information security policy, national security policy, network security policy and virtual security policy,

In an organization, the constraints that are addressed include the behaviour of the members of the organization. They include the workers and staffs. Also, there are constraints imposed on adversaries by mechanisms such as the doors, locks and keys used.

A security policy may also be a document that states how a company plans to protect the company’s physical and information technology assets. Unlike a contract, a security policy is considered to be a living document because it is never finished. A contract will stay the same after it is signed but a security policy is never completed. This is due to the fact that there is consistently new technology, and employees need change.

On the other hand, a network security policy is a generic document that outlines rules for computer network access. Written by a committee, it determines how policies are enforced in the network. It specifies rules for individuals or groups of individuals throughout the company.


source: searchsecurity.techtarget.com/definition/security-policy