Computer security policy

A computer security policy defines the goals and elements of an organization's computer systems. The definition can be highly formal or informal. Security policies are enforced by organizational policies or security mechanisms. A technical implementation defines whether a computer system is secure or insecure. These formal policy models can be categorized into the core security principles of Confidentiality, Integrity and Availability. For example, the Bell-LaPadula model is a confidentiality policy model, whereas the Biba model is an integrity policy model.

Formal description

If a computer system is regarded as a finite-state automaton with a set of transitions (operations) that change the system's state, then a security policy can be seen as a statement that partitions these states into authorized and unauthorized ones. Given this simple definition, one can define a secure system as one that starts in an authorized state and will never enter an unauthorized state.

Formal Policy Models

Confidentiality Policy Model: Bell-LaPadula model
Integrity Policies Model: Biba model, Clark-Wilson model
Hybrid Policy Model: Chinese Wall

Policy languages

To represent a concrete policy, especially for its automated enforcement, a language representation is needed. There are many application-specific languages that are closely coupled with the security mechanisms that enforce the policy in that application. In contrast, abstract policy languages, e.g. the Domain Type Enforcement-Language, are independent of the concrete mechanism.

See also

Information Assurance - CIA Triad

References

Bishop, Matt (2004). Computer security: art and science. Addison-Wesley.
McLean, John (1994). "Security Models". Encyclopedia of Software Engineering 2: 1136–1145. New York: John Wiley & Sons, Inc.
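The definition in the formal description (a secure system starts in an authorized state and never enters an unauthorized one) can be checked mechanically on a small system by searching its reachable states. The following is an added example, not part of the original article; the document/reader system, the user names and the function names are all constructed for illustration.

```python
from collections import deque

# Constructed toy system: one document, two users (all names are hypothetical).
CLEARANCE = {"alice": 2, "bob": 1}   # 2 = secret, 1 = confidential
LEVELS = (1, 2)

def authorized(state):
    """The policy: every current reader is cleared for the document's label."""
    label, readers = state
    return all(CLEARANCE[u] >= label for u in readers)

def transitions(state, revoke_on_relabel):
    """The mechanism: yield (operation, next_state) for each permitted operation."""
    label, readers = state
    for user, clearance in CLEARANCE.items():
        if user not in readers and clearance >= label:   # access check at grant time
            yield f"grant({user})", (label, readers | {user})
    for new in LEVELS:
        if new != label:
            kept = readers
            if revoke_on_relabel:   # hardened mechanism: drop readers below the new label
                kept = frozenset(u for u in readers if CLEARANCE[u] >= new)
            yield f"relabel({new})", (new, kept)

def find_violation(initial, revoke_on_relabel):
    """Breadth-first search of the reachable states.

    Returns the shortest operation trace into an unauthorized state,
    or None if the system is secure in the sense of the definition."""
    if not authorized(initial):
        return []
    seen, queue = {initial}, deque([(initial, [])])
    while queue:
        state, trace = queue.popleft()
        for op, nxt in transitions(state, revoke_on_relabel):
            if nxt in seen:
                continue
            if not authorized(nxt):
                return trace + [op]
            seen.add(nxt)
            queue.append((nxt, trace + [op]))
    return None

START = (1, frozenset())   # confidential document, no readers yet

if __name__ == "__main__":
    print("weak mechanism:    ", find_violation(START, revoke_on_relabel=False))
    print("hardened mechanism:", find_violation(START, revoke_on_relabel=True))
```

Every individual grant passes its access check, yet the weak mechanism is not secure under the definition because a later relabel moves the system into an unauthorized state; the search returns that trace as a counterexample.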