What is a Security Policy?

A security policy is a document that defines the scope of security needed by an organization. This document discusses the organizations assets and what type of protection/security solution is needed to meet those security requirements. Assets can include anything from people, buildings, computers, or trade secrets to name a few.

Some more complex organizations sub divide security policies to better outline their overall security strategy. Other types of security policies can include organizational security policies, issue-specific security policies, system-specific security policies, regulatory policies, advisory policies, or informative policies to name a few.

You should understand that policies are broad overviews. Under policies are standards, baselines, and guidelines that go more in depth detailing specific information.