Internet of everything
Internet of everything

Start this free course now. Just create an account and sign in. Enrol and complete the course for a free statement of participation or digital badge if available.

4.3.8 Security policy

Some people have malicious intent, while others make mistakes or follow unsecure practices, putting equipment and data at risk. To protect assets, rules and regulations must be put in place to define how users should act, what actions are right or wrong, what they are allowed to do, and how they access systems and data.

A security policy defines all of the rules, regulations, and procedures that must be followed to keep an organisation, its people, and systems secure. A security policy can be divided into many different areas to address specific types of risk (Table 11).

Table 11 Types of security policies for people
Remote access policyInformation privacy policyComputer security policyPhysical security policyPassword policy
Defines who can connect, how they can connect, when they can connect, and what devices can be used to connect to a system remotely. This policy also defines the assets that are accessible to a remote user.Defines what methods are used to protect information depending on the level of sensitivity. Generally, the more sensitive the information, the greater the level of protection used to secure it.Defines the way in which users are allowed to use computers. This policy might define who can use certain computers, what programs must be used to protect a computer, or if a certain storage media is allowed to be used.Defines how physical assets are secured. Some assets may need to be locked away at night, kept in a locked area at all times, or specifically designated not to leave the property.Defines what password will be used to access specific resources and the complexity of the password. Often, this policy will control how often a password must be changed.

The most important part of a security policy is user education. The people governed by the security policy must not just be aware of this policy; they must understand and follow it to ensure the safety of people, data, and things.

To learn more about security polices, visit the  SANS website [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] .

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to University-level study, we offer two introductory routes to our qualifications. You could either choose to start with an Access module, or a module which allows you to count your previous learning towards an Open University qualification. Read our guide on Where to take your learning next for more information.

Not ready for formal University study? Then browse over 1000 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus371