A security policy is a written document in an organization outlining how to protect the organization from threats, including computer security threats, and how to handle situations when they do occur.
A security policy must identify all of a company's assets as well as all the potential threats to those assets. Company employees need to be kept updated on the company's security policies. The policies themselves should be updated regularly as well.
A security policy should outline the key items in an organization that need to be protected. This might include the company's network, its physical building, and more. It also needs to outline the potential threats to those items. If the document focuses on cyber security, threats could include those from the inside, such as the possibility that disgruntled employees will steal important information or launch an internal virus on the company's network. Alternatively, a hacker from outside the company could penetrate the system and cause loss of data, change data, or steal it. Finally, physical damage to computer systems could occur.
When the threats are identified, the likelihood that they will actually occur must be determined. A company must also determine how to prevent those threats. Safeguards could include instituting certain employee policies as well as strong physical and network security. There also needs to be a plan for what to do when a threat actually materializes. The security policy should be circulated to everyone in the company, and the process of safeguarding data needs to be reviewed regularly and updated as new people come on board.