العربية
中国
Français
Deutsch
Ελληνική
हिन्दी
Italiano
日本語
Português
Русский
EspañolSECURITY POLICY
A 'security policy' is a definition of what it means to ''be secure'' for a system, organization or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors, locks, keys and walls. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including programs and access to data by people.
Because the security policy is a high level definition of secure behavior, it is meaningless to claim an entity is "secure" without knowing what "secure" means. It is also foolish to make any significant effort to address security without tracing the effort to a security policy.
If it is important to be secure, then it is important to be sure all of the security policy is enforced by mechanisms that are strong enough. There are organized methodologies and risk assessment strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as information systems, policies can be decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce sub-policies. However, this practice has pitfalls. It is too easy to simply go directly to the sub-policies, which are essentially the rules of operation and dispense with the top level policy. That gives the false sense that the rules of operation address some overall definition of security when they do not. Because it is so difficult to think clearly with completeness about security, rules of operation stated as "sub-policies" with no "super-policy" usually turn out to be rambling ad-hoc rules that fail to enforce anything with completeness. Consequently, a top level security policy is essential to any serious security scheme and sub-policies and rules of operation are meaningless
★ Access control
★ Computer security policy
★ Enviromental design
★ Information Protection Policy
★ Information security policy
★ National security policy, Military strategy
★ Network security policy
★ Photo identification
★ Physical Security
★ Policy
★ Remote Access Policy
★ Security
★ Security engineering
★ User Account Policy
Because the security policy is a high level definition of secure behavior, it is meaningless to claim an entity is "secure" without knowing what "secure" means. It is also foolish to make any significant effort to address security without tracing the effort to a security policy.
| Contents |
| Significance |
| See also |
Significance
If it is important to be secure, then it is important to be sure all of the security policy is enforced by mechanisms that are strong enough. There are organized methodologies and risk assessment strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as information systems, policies can be decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce sub-policies. However, this practice has pitfalls. It is too easy to simply go directly to the sub-policies, which are essentially the rules of operation and dispense with the top level policy. That gives the false sense that the rules of operation address some overall definition of security when they do not. Because it is so difficult to think clearly with completeness about security, rules of operation stated as "sub-policies" with no "super-policy" usually turn out to be rambling ad-hoc rules that fail to enforce anything with completeness. Consequently, a top level security policy is essential to any serious security scheme and sub-policies and rules of operation are meaningless
See also
★ Access control
★ Computer security policy
★ Enviromental design
★ Information Protection Policy
★ Information security policy
★ National security policy, Military strategy
★ Network security policy
★ Photo identification
★ Physical Security
★ Policy
★ Remote Access Policy
★ Security
★ Security engineering
★ User Account Policy
This article provided by Wikipedia. To edit the contents of this article, click here for original source.
psst.. try this: add to faves
