Internet of everything

4.3.8 Security policy

Some people have malicious intent, while others make mistakes or follow unsecure practices, putting equipment and data at risk. To protect assets, rules and regulations must be put in place to define how users should act, what actions are right or wrong, what they are allowed to do, and how they access systems and data.

A security policy defines all of the rules, regulations, and procedures that must be followed to keep an organisation, its people, and systems secure. A security policy can be divided into many different areas to address specific types of risk (Table 11).

Table 11 Types of security policies for people

| Policy | What it defines |
| --- | --- |
| Remote access policy | Defines who can connect, how they can connect, when they can connect, and what devices can be used to connect to a system remotely. This policy also defines the assets that are accessible to a remote user. |
| Information privacy policy | Defines what methods are used to protect information depending on the level of sensitivity. Generally, the more sensitive the information, the greater the level of protection used to secure it. |
| Computer security policy | Defines the way in which users are allowed to use computers. This policy might define who can use certain computers, what programs must be used to protect a computer, or if a certain storage media is allowed to be used. |
| Physical security policy | Defines how physical assets are secured. Some assets may need to be locked away at night, kept in a locked area at all times, or specifically designated not to leave the property. |
| Password policy | Defines what password will be used to access specific resources and the complexity of the password. Often, this policy will control how often a password must be changed. |

The most important part of a security policy is user education. The people governed by the security policy must not just be aware of this policy; they must understand and follow it to ensure the safety of people, data, and things.

To learn more about security policies, visit the SANS website.