A Security Policy is a set of objectives, rules of behaviour for users and administrators, and requirements for system configuration and management that collectively are designed to ensure Security of computer systems in an organization.
A Security Policy might include sections on:
- Virus detection and prevention.
- Firewall use and configuration.
- Password strength and management.
- Host System administration practices.
- Access Control rules.
- Use of Access Logs.
- Use of screen locking software.
- Logging out of unattended workstations.
- Physical security.
- Account termination.
- Procedures for granting and revoking system access.