Security Policies
A security policy is the written representation of an organization’s security philosophy. The
security policy is a guide that defines how the organization does business with respect to its
network resources and defines, in general terms, how the network resources are to be
secured. The security policy should fulfill the following objectives:
■ Analyze the threat based on the type of business performed and type of network
exposure
■ Determine the organization’s security requirements
Foundation Summary 19
■ Document the network infrastructure and identify potential security breach points
■ Identify specific resources that require protection and develop an implementation plan