Next: Physical Security
Up: Networking Fundamentals: Technologies and
Previous: Threats
A security policy is a
formal statement of the rules
by which people
who are given access to an organization's technology and information
assets must abide.
It should
- Inform users, staff and
managers of their obligatory requirements for protecting technology
and information assets.
- Specify the mechanisms
through which these requirements can be met.
- Provide a baseline from which to acquire, configure and audit
computer systems and networks for compliance with the policy.
1999-03-14