What is a security policy?
- 1 Answers
- 4899 Views
- I also Faced
- E-Mail Answers
Answer / yogendra
So the first inevitable question we need to ask is, “what
exactly is a security policy”? Well, a policy would be some
form of documentation that is created to enforce specific
rules or regulations and keep a structure on procedures.
Here, in the context of ‘security’, is simply a policy
based around procedures revolving around security. Think of
any other kind of policy… a disaster recovery policy is a
set of procedures, rules and plans revolving around having
a disaster and how to recover from it. Security polices are
much the same. Ok, now that you have the general idea now,
lets talk about what the security policy will generally
provide. Remember… a security policy is the foundation and
structure in which you can ensure your comprehensive
security program can be developed under. If I can make an
analogy, a security policy is like the spine, and the
firewalls, IDS systems and other infrastructure is the meat
and flesh covering it up. There are a great many things you
will need to understand before you can define your own.
Security policies are generally overlooked, not implemented
or thought of when it’s already too late. To keep you in
the loop on what this means, we can flip flop back to the
example I first stated with the Porn Surfer… It doesn’t
help ‘after’ the fact when your dealing with a court case,
if you had a policy in place to keep people informed about
what it is they can or cannot do (like surf the web during
business hours hitting sites that are not business related)
they may not do it in the first place, and If they do, you
have a tool (the policy) to hold them accountable.
So, now that we understand the fundamentals of what a
security policy is, lets sum it up in one sentence before
we move forward… A security policy is a living document
that allows an organization and its management team to draw
very clear and understandable objectives, goals, rules and
formal procedures that help to define the overall security
posture and architecture for said organization. This
article will cover the most important facts about how to
plan for and define a security policy of your own, and most
of all, to get you to think about it – whether you already
have one or not.
A security policy must also be created with a lot of
thought and process. You can make a security policy too
restrictive. If you do, you could cause a lot of strain on
your employees, who may be accustomed to one way of doing
business, and it may take awhile to grow them into a more
restrictive security posture based on your policy. A
security policy should contain some important functions and
they are as follows.
| Is This Answer Correct ? | 3 Yes | 0 No |
What is trojan virus?
Explain for a small lan which class of addressing is used?
What if the machine doesnt show entry in Network neighbourhood and its showing it in Active directory users and computers?
What are manageable and non manageable switches?
What is information security?
What is subnet
What does cia stand for in security management?
Why is it important to have a nac solution?
What is dss?
In context of public key encryption, if you are using both signature and encryption features, what key will you use for encryption and which one will you use for signing?
How can i bypass websence to open the restricted sites?
What is an information security management system (isms)?
Networking Protocols 
