Professional Documents
Culture Documents
What Is A Security Policy
What Is A Security Policy
com
In the IT world, we protect an organization by having a strong, well-de ned security policy. In this lesson, we'll
examine how to create an e ective policy that protects assets, employees, and data.
An organization needs to have a security policy that is de ned, appropriate and exible, and a living
document that can adapt to the ever-evolving technology. This security policy covers how
employees can use the company's technology and how an IT department works with employees to
leverage and secure that technology. Best practice for IT security is a defense in depth strategy,
which involves multiple layers of protection ranging from antivirus software and password
protections to physical locks and hardware and software rewalls. Defense in depth is also called
the castle approach because a castle similarly will have multiple layers of protections (a moat,
portcullis, catapults, and so on). The security policy needs to take into account several aspects of
the organization; it must protect the employees, the assets (hardware and software), and the
company's data.
https://study.com/academy/lesson/what-is-a-security-policy-definition-examples-framework.html 1/2
4/23/2021 What Is a Security Policy? - Definition, Examples & Framework - Video & Lesson Transcript | Study.com
Lesson Summary
A well-written and uidly updated IT security policy creates a solid foundation on which to build a
strong IT department. It o ers protections for the organization's assets through the use of the
defense in depth strategy, employees through use of an acceptable use policy, and data using
rewalls and least privilege. It can act as a blueprint for where an IT department currently is, a
codex for how it operates, and a roadmap for where it aspires to be.
https://study.com/academy/lesson/what-is-a-security-policy-definition-examples-framework.html 2/2