Security Policies#
Definition of Security Policies
Security policy defines what you want to protect.
Good policies identify:
Procedures
guidelines and
safeguards for configuring and managing security in the organization’s environment.
Security policies provide many benefits to organizations:
Security vulnerabilities are identified and properly treated. This ensures security related risks are aligned with the organization’s level of risk tolerance.
A consistent approach to security reduces the likelihood and impact of a security breach.
Efficiencies are achieved when information is safely shared within the organization, as well as with customers, partners, and vendors.
Heightened security awareness increases the likelihood of compliance with the security policies.
Security policies are a soft form of protection. Having security policies gives no real tangible protection. But since human factors and awareness are very important in managing security risks, not having security policies is no option.
Creating your own security policies from scratch should always be avoided. Use and reuse good existing security policies. This:
Saves time.
Improves quality. Reuse means using existing policies and improving them or adjusting these where needed.
Tip
Tip Use and Reuse already good security policies.
Learn more and see examples of good Security Policies
See the section Security policies in the Open Security Reference Architecture.