Internet of everything
Internet of everything

This free course is available to start right now. Review the full course description and key learning outcomes and create an account and enrol if you want a free statement of participation.

Free course

Internet of everything

4.3.8 Security policy

Some people have malicious intent, while others make mistakes or follow unsecure practices, putting equipment and data at risk. To protect assets, rules and regulations must be put in place to define how users should act, what actions are right or wrong, what they are allowed to do, and how they access systems and data.

A security policy defines all of the rules, regulations, and procedures that must be followed to keep an organisation, its people, and systems secure. A security policy can be divided into many different areas to address specific types of risk (Table 11).

Table _unit4.3.3 Table 11 Types of security policies for people

Remote access policy Information privacy policy Computer security policy Physical security policy Password policy
Defines who can connect, how they can connect, when they can connect, and what devices can be used to connect to a system remotely. This policy also defines the assets that are accessible to a remote user. Defines what methods are used to protect information depending on the level of sensitivity. Generally, the more sensitive the information, the greater the level of protection used to secure it. Defines the way in which users are allowed to use computers. This policy might define who can use certain computers, what programs must be used to protect a computer, or if a certain storage media is allowed to be used. Defines how physical assets are secured. Some assets may need to be locked away at night, kept in a locked area at all times, or specifically designated not to leave the property. Defines what password will be used to access specific resources and the complexity of the password. Often, this policy will control how often a password must be changed.

The most important part of a security policy is user education. The people governed by the security policy must not just be aware of this policy; they must understand and follow it to ensure the safety of people, data, and things.

To learn more about security polices, visit the  SANS website [Tip: hold Ctrl and click a link to open it in a new tab. (Hide tip)] .

IOE_1

Take your learning further

Making the decision to study can be a big step, which is why you'll want a trusted University. The Open University has 50 years’ experience delivering flexible learning and 170,000 students are studying with us right now. Take a look at all Open University courses.

If you are new to university level study, find out more about the types of qualifications we offer, including our entry level Access courses and Certificates.

Not ready for University study then browse over 900 free courses on OpenLearn and sign up to our newsletter to hear about new free courses as they are released.

Every year, thousands of students decide to study with The Open University. With over 120 qualifications, we’ve got the right course for you.

Request an Open University prospectus