A security policy is a definition of what it means to be secure for an
organization or system. For an organization, it monitors the behavior of its members and imposes mechanisms such as doors, locks, keys and walls. For
systems, the security policy monitors the functions and the flow
among them, and constrains access by external systems and others, including programs, and access to data by people.
Types of security policy include:
Computer security policy
Network security policy
Information protection policy
Computer security policy
A computer security policy defines the goals and elements of an
organization's computer systems. The definition can be highly formal or
informal. Security policies are enforced by organizational policies or
security mechanisms. A technical implementation defines whether a
computer system is secure or insecure. These formal policy
models can be categorized into the core security principles of
confidentiality, integrity and availability.
Network security policy
A network security policy is a generic document that outlines rules for network access, determines how policies are enforced and lays out some of the basic architecture of the company's secure
environment. It's a very detailed document, meant to
control data access, internet surfing habits, use of passwords and email attachments, and much more. It specifies these rules for individuals or groups throughout the company.
Information protection policy
Information protection policy is a document which provides
guidelines to users on the processing, storage and transmission of
sensitive information. The main goal is to ensure information is
appropriately protected from modification or disclosure. It may be
appropriate to have new employees sign the policy as part of their agreement, which would define the levels of sensitivity of information.
Reference: http://en.wikipedia.org/wiki/Security_policy
Nice blog you've got there.
In the computer security policy, you stated "A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal.". You can probably elaborate on what "highly formal" and "informal" means.
As for your network security policy, the policies could be expressed as a set of instructions that could be understood by special purpose network hardware dedicated for securing the network.
Your post is very clear and cool; that is very good. The information on the security policies is understandable and interesting. Perhaps you can elaborate more on the information protection policy section? I have been a number one fan of your blog and I hope that I can learn more from you. Hopefully you can share with us more information and examples on the security policies with the vast knowledge of yours. Maybe you can also add some interesting pictures and helpful videos to help your fans understand more on security policies. Thank you for your help.
Regards
Your number one fan
This blog post has allowed me to better understand the common types of network attacks which include Hijacking, spoofing and DoS. The attacks were well explained and are simple enough for someone to understand just by reading it once. Pictures have also been provided in order to better facilitate the understanding of the reader, which is a good aspect of this blog post.
The topic on Security Policy has described the common types of security policies well. Proper paragraphing has been applied here which has allowed the user to read the article better. The use of bolding on the topic title is also good as it informs the user clearly that it is the beginning of a new topic.
-Amos Lee