Security Policy

What is a Security Policy?
http://searchsecurity.techtarget.com/definition/security-policy says : "A security policy is continuously updated as technology and employee requirements change. A company's security policy may include an acceptable use policy, a description of how the company plans to educate its employees about protecting the company's assets, an explanation of how security measurements will be carried out and enforced, and a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made."


http://www.windowsecurity.com/articles/Defining_a_Security_Policy.html says: "a policy would be some form 


of documentation that is created to enforce specific rules or regulations and keep a structure on procedures. 


","in the context of ‘security’, is simply a policy based around procedures revolving around security" and "a 


disaster recovery policy is a set of procedures, rules and plans revolving around having a disaster and how 


to recover from it. "


-Description of how the company plans to educate its employees about protecting the company's assets


-Explanation of how security measures are carried out

- Procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made


- Specific rules and regulations and keep a structure on procedures


-Like a disaster recovery policy, how to recover from a disaster


So basically a security policy is what a company should have, a black-and-white of information which the company would include its education plans for the employees about safeguarding company's assets. Also, it would serve as a backup plan, of how security measures are enforced, such as having credentials or personal authorisation methods. Finally, it should be able to improve on its effectiveness and make sure that any flaw would be corrected.