A Security Policy is a set of objectives, rules of behaviour for users and administrators, and requirements for system configuration and management that are collectively designed to ensure the Security of computer systems in an organization.

A Security Policy might include sections on:

  • Virus detection and prevention.
  • Firewall use and configuration.
  • Password strength and management.
  • Host System administration practices.
  • Access Control rules.
  • Use of Access Logs.
  • Use of screen locking software.
  • Logging out of unattended workstations.
  • Physical security.
  • Account termination.
  • Procedures for granting and revoking system access.
