What is a security policy?



What is a security policy?..

Answer / yogendra

So the first inevitable question we need to ask is, “what
exactly is a security policy”? Well, a policy would be some
form of documentation that is created to enforce specific
rules or regulations and keep a structure on procedures.
Here, in the context of ‘security’, is simply a policy
based around procedures revolving around security. Think of
any other kind of policy… a disaster recovery policy is a
set of procedures, rules and plans revolving around having
a disaster and how to recover from it. Security polices are
much the same. Ok, now that you have the general idea now,
lets talk about what the security policy will generally
provide. Remember… a security policy is the foundation and
structure in which you can ensure your comprehensive
security program can be developed under. If I can make an
analogy, a security policy is like the spine, and the
firewalls, IDS systems and other infrastructure is the meat
and flesh covering it up. There are a great many things you
will need to understand before you can define your own.

Security policies are generally overlooked, not implemented
or thought of when it’s already too late. To keep you in
the loop on what this means, we can flip flop back to the
example I first stated with the Porn Surfer… It doesn’t
help ‘after’ the fact when your dealing with a court case,
if you had a policy in place to keep people informed about
what it is they can or cannot do (like surf the web during
business hours hitting sites that are not business related)
they may not do it in the first place, and If they do, you
have a tool (the policy) to hold them accountable.

So, now that we understand the fundamentals of what a
security policy is, lets sum it up in one sentence before
we move forward… A security policy is a living document
that allows an organization and its management team to draw
very clear and understandable objectives, goals, rules and
formal procedures that help to define the overall security
posture and architecture for said organization. This
article will cover the most important facts about how to
plan for and define a security policy of your own, and most
of all, to get you to think about it – whether you already
have one or not.

A security policy must also be created with a lot of
thought and process. You can make a security policy too
restrictive. If you do, you could cause a lot of strain on
your employees, who may be accustomed to one way of doing
business, and it may take awhile to grow them into a more
restrictive security posture based on your policy. A
security policy should contain some important functions and
they are as follows.

Is This Answer Correct ?    3 Yes 0 No

Post New Answer

More Networking Security Interview Questions

What is difference between baseband and broadband transmission

0 Answers   Elgi Equipments,


What is a security mechanism?

2 Answers  


Difference between the communication and transmission.

0 Answers   Elgi Equipments,


What are all the technical steps involved when the data transmission from server via router?

0 Answers  


Explain how do we use rsa for both authentication and secrecy?

0 Answers  






What is a ddos attack?

0 Answers  


What are the 5 aspects of IT-Security?

6 Answers   Infosys,


What are the types fo ddos attacks?

0 Answers  


who is a hacker?

0 Answers  


Why we called Active directory is active?

11 Answers   ATS, Spectrum, Symantec, TCS,


I want to reset the passwords of 100 users.how do you do it?

1 Answers   iGate,


What are the different types of network security?

0 Answers  


Categories
  • Networking Protocols Interview Questions Networking Protocols (671)
  • Networking Administration Interview Questions Networking Administration (1008)
  • Networking Security Interview Questions Networking Security (196)
  • Networking General Interview Questions Networking General (266)
  • Networking AllOther Interview Questions Networking AllOther (430)