A security policy is a written statement of a company's aspirations regarding the security of its information technology (IT) and physical assets. Security policies are dynamic, ever-evolving documents that adapt to new security requirements, vulnerabilities, and technologies. The organization's written policy outlines how to keep the organization safe from threats and how to respond to them when they do arise. A security policy is also referred to as a "living document," which means that it is constantly updated to reflect changes in both employee and technological requirements.
Data is king. Data is regarded as the 'oil' of the future. Today, there are many different kinds of security policy networks, and the top organizations in the world are utilizing them to their fullest potential. Therefore, every organization's top priority is to protect this data. The creation of an information security policy draught is typically done before an organization officially launches. It is of utmost importance. There are numerous draughts for various information security policy types.
Policies are not technology specific and accomplish 3 things:
1. They limit or get rid of the employees' and third parties' legal responsibility.
2. They keep private and proprietary information from being stolen, used wrongly, shared without permission, or changed.
3. They keep the company from using all of its computer resources.
Goals of security policies
1. To keep track of a plan for managing and running network security
2. To protect the computer resources of an organization
3. To get rid of legal problems caused by workers or other people
4. To keep the company from wasting its computer resources
5. To prevent unauthorized modifications of the data
6. To scale back risks caused by illegal use of the system resource
7. To differentiate the user's access rights
8. To protect confidential, proprietary data from theft, misuse, and unauthorised disclosure