Information about Security Policy
A security policy is a definition of what it means to be secure for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including programs and access to data by people.
Because the security policy is a high level definition of secure behavior, it is meaningless to claim an entity is "secure" without knowing what "secure" means. It is also foolish to make any significant effort to address security without tracing the effort to a security policy.
Because the security policy is a high level definition of secure behavior, it is meaningless to claim an entity is "secure" without knowing what "secure" means. It is also foolish to make any significant effort to address security without tracing the effort to a security policy.
Significance
If it is important to be secure, then it is important to be sure all of the security policy is enforced by mechanisms that are strong enough. There are organized methodologies and risk assessment strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as information systems, policies can be decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce sub-policies. However, this practice has pitfalls. It is too easy to simply go directly to the sub-policies, which are essentially the rules of operation and dispense with the top level policy. That gives the false sense that the rules of operation address some overall definition of security when they do not. Because it is so difficult to think clearly with completeness about security, rules of operation stated as "sub-policies" with no "super-policy" usually turn out to be rambling ad-hoc rules that fail to enforce anything with completeness. Consequently, a top level security policy is essential to any serious security scheme and sub-policies and rules of operation are meaningless without it.See also
- Access control
- Computer security policy
- Enviromental design
- Information Protection Policy
- Information security policy
- National security policy, Military strategy
- Network security policy
- Photo identification
- Physical Security
- Policy
- Remote Access Policy
- Security
- Security engineering
- User Account Policy
An Information System (IS) is the system of persons, data records and activities that process the data and information in a given organization, including manual processes or automated processes.
..... Click the link for more information.
..... Click the link for more information.
access control refers to the practice of restricting entrance to a property, a building, or a room to authorized persons. Physical access control can be achieved by a human (a guard, bouncer, or receptionist), through mechanical means such as locks and keys, or through
..... Click the link for more information.
..... Click the link for more information.
A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms.
..... Click the link for more information.
..... Click the link for more information.
Information protection policy is a document which provides guidelines to users on the processing, storage and transmission of sensitive information. Main goal is to ensure information is appropriately protected from modification or disclosure.
..... Click the link for more information.
..... Click the link for more information.
Information security policies are a special type of documented business rule for protecting information and the systems which store and process the information. Information security policies are usually documented in one or more information security policy documents.
..... Click the link for more information.
..... Click the link for more information.
National security refers to the requirement to maintain the survival of the nation-state through the use of economic, military and political power and the exercise of diplomacy.
..... Click the link for more information.
..... Click the link for more information.
Military strategy is a collective name for planning the conduct of warfare. Derived from the Greek strategos, strategy was seen as the "art of the general". Military strategy deals with the planning and conduct of campaigns, the movement and disposition of forces, and the
..... Click the link for more information.
..... Click the link for more information.
A network security policy is a generic document that outlines rules for computer network access, determines how policies are enforced and lays out some of the basic architecture of the company security/ network security environment.
..... Click the link for more information.
..... Click the link for more information.
Photo identification is generally used to define any form of identification that includes a photograph of the holder.
Some countries use a government issued card as a proof of age or citizenship.
..... Click the link for more information.
Some countries use a government issued card as a proof of age or citizenship.
..... Click the link for more information.
Physical security describes measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media. It can be as simple as a locked door or as elaborate as multiple layers of armed guardposts.
..... Click the link for more information.
..... Click the link for more information.
policy is a deliberate plan of action to guide decisions and achieve rational outcome(s). The term may apply to government, private sector organizations and groups, and individuals.
..... Click the link for more information.
..... Click the link for more information.
Remote access policy is a document which outlines and defines acceptable methods of remotely connecting to the internal network. It is essential in large organization where networks are geographically dispersed and even extend into the homes.
..... Click the link for more information.
..... Click the link for more information.
Security is the condition of being protected against danger or loss. In the general sense, security is a concept similar to safety. The nuance between the two is an added emphasis on being protected from dangers that originate from outside.
..... Click the link for more information.
..... Click the link for more information.
Security engineering is the field of engineering dealing in developing detailed engineering designs for security systems and for security of spaces. It is similar to systems engineering in that its motivation is to make a system meet requirements, but with the added dimension of
..... Click the link for more information.
..... Click the link for more information.
User Account Policy is a document which outlines the requirements for requesting and maintaining an account on computer systems or networks, typically within an organization. It is very important for large sites where users typically have accounts on many systems.
..... Click the link for more information.
..... Click the link for more information.
This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.
Herod_Archelaus
