Security Policy

A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide.

It should

• Inform users, staff and managers of their obligatory requirements for protecting technology and information assets.
• Specify the mechanisms through which these requirements can be met.
• Provide a baseline from which to acquire, configure and audit computer systems and networks for compliance with the policy.