ABSTRACT

A security policy, in its basic form, is an organization’s blueprint for a code of ethics: the policies and procedures used to enforce the operational integrity of the business. A security policy must be adopted by senior management and communicated well throughout the organization for it to be considered in force and thus effective from a managerial perspective. The role of the security policy is to deter unauthorized activities by staff against internal resources, or the use of those resources for anything other than business activities. A security policy provides the generally accepted guidelines for acceptable activities within the organization and introduces accountability for an individual’s actions in relation to the policies set forth by the organization. Although it is possible to submerge oneself completely in policy and procedure overload, one must determine what level of bureaucracy is reasonable for conducting business without impeding it. Unless there is a good reason to introduce a policy against an activity, do not introduce it. Carefully weigh its pros and cons and make sure it does not make someone’s job, or the ability to do that job, unbearable or, worse yet, prevent someone from doing it or doing it properly.