Saturday 28 April 2012

Security Policy

What is a security policy? A security policy is a documented set of rules that people who have access to a company's assets need to follow in order for the company's technology and information to have confidentiality, integrity and availability.
Confidentiality means that only authorized users have access to the information and assets. One way to find out whether a user is authorized is to use authentication methods such as a user ID and password, or a fingerprint. These methods of authentication uniquely identify users and control access to the assets.
Integrity refers to the state of the information in which it has not been modified by unauthorized personnel, so that the information is reliable.
Availability means that the information and assets that are needed are always readily available for use and access.

Organizations create security policies for six different purposes: to create a baseline of the current security posture, set up the framework for security implementation, give a standard of behavior and a standard for handling security incidents, determine necessary tools and procedures, communicate consensus, and define roles.

There are 2 categories of security policy elements: network design factors, on which security policies are based, and basic Internet vectors, which security policies are written to mitigate.

Network security is used as a continuous process around a security policy, so that improvements keep being made to the policy and it can be as secure as possible.


REFERENCE : http://it.med.miami.edu/x904.xml

2 comments:

  1. Through Jenny’s post, I have learnt more about security policy and how essential it is in securing the assets of an organization. I also learnt that it is through looking at the confidentiality, integrity and availability of information/data that these policies are made. Policies are also actually constantly changing, due to circumstances and environment. These changes can occur due to advancement in information technology, changing of employees and sometimes even the difference in management of the organization. Security policy also covers the physical security of the organizations such as doors, keys and locks. Now I know that there are 2 major categories of security policy: network design factors and basic internet vectors.

  2. Jenny explains the definitions of CIA well. She knows what security policy is and the reason it was implemented. She stated and explained the purpose of Security Policy well. I am able to learn the general definition of Security Policy through her post.
