A
security policy is a formal statement of the rules by which people who are
given access to
an organization’s technology and information assets must abide.
an organization’s technology and information assets must abide.
There are several forms of security policies such as:
Computer security policy
Information security policy
Network security policy
Information security policy
Network security policy
Computer security policy
A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal. Security policies are
enforced by organizational policies or security mechanisms. A technical
implementation defines whether a computer system is secure or insecure. These formal policy models can be categorized into the core security
principles of: Confidentiality, Integrity and Availability.
Information security policy
Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated often and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them.
Network security policy
A network security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security
environment. The document itself is usually several pages long and
written by a committee. A security policy goes far beyond the simple
idea of "keep the bad guys out". It's a very complex document, meant to
govern data access, web-browsing habits, use of passwords and encryption, email attachments and more. It specifies these rules for individuals or groups of individuals throughout the company.
References
http://en.wikipedia.org/wiki/Security_policy
http://www.windowsecurity.com/articles/Defining_a_Security_Policy.html
References
http://en.wikipedia.org/wiki/Security_policy
http://www.windowsecurity.com/articles/Defining_a_Security_Policy.html
No comments:
Post a Comment