CSDD_L2
CSDD_L2
and Defense- in
Depth
Lecture 2
9 Oct 2024
: ﺗﺟ ﻣ ﯾﻊ وإ ﻋد ا د
أ ﺣ ﻣ د ﺣ ﺳ ﯾن
Security Policy
What is security policy?
• A Security Policy constitutes a formal document that articulates,
in written form, the methodology by which an organization intends
to safeguard its tangible and information technology (IT) assets.
• Briefly: A document that states clearly the goal of the protection
mechanisms.
• Security policies are dynamic documents that undergo perpetual
revisions and modifications in response to evolving technologies,
emerging vulnerabilities, and shifting security imperatives.
• Security policy describes which principal may access which data.
An example:
• Security policy model a short document (page or less) stating
essential system's protection properties.