Security basics

Musings on Information Security quotes one of the formal definitions of security policy:

A security policy is a formal statement of the rules by which people who are given access to an organization’s technology and information assets must abide.

Security policies could be classified into three types, according to policy objectives and an organization’s security profile:

  • Regulatory policies – are mandated by legal requirements
  • Advisory policies – contain acceptable practices and consequences of violation
  • Informative policies – are not enforceable, as they provide information about security issues and their possible consequences
  • A good policy should address the needs of the particular organization. It should be easily understandable and align with company’s overall business goals. Typically, security policy should contain the following issues:

  • Statement of authority and scope
  • Acceptable use policy
  • Identification and authentication policy
  • Internet use policy
  • Corporate network access policy
  • Remote access policy
  • Incident handling policy
  • Security policy is a powerful tool that provides you with the whole scope of necessary security measures and ultimately enables you to significantly redulce security cost.

    This blog is run by the authors of FindProtected, an effective information security solution. With Find Protected, IT administrators can do a deep inspection into employees’ files aiming to enforce an intelligent data security policy across the organization.

    Leave a Reply