Sergio Ginocchio
  • Home
  • About
  • Cyber Security Operations and Leadership Program
    • Cyber Security Fundamentals >
      • Vulnerability Assessment
    • Cryptography >
      • Cryptographic Techniques for Network Security
    • Security Architecture
    • Operational Policy >
      • Summary of Major US and Industry Rules
      • Data Classification and Security Policy Models
      • Privacy Policy
    • Risk Management
    • Management and Cyber Security
    • Secure Software Design and Development
    • Network Visualization and Vulnerability Detection >
      • SIEM Tools Trade Study
      • Vulnerability Scanning Tools
      • Viewing Network Communications with Wireshark
    • Cyber Threat Intelligence
    • Cyber Incident Response and Computer Forensics
  • Reference Link Library
    • Major Industry Websites
    • Government Resources
    • Cybersecurity News
    • Cyber Security Tools >
      • Tools
    • Certification and Training
    • Books
    • Coursework Final Papers
  • Media Presentation
  • Home
  • About
  • Cyber Security Operations and Leadership Program
    • Cyber Security Fundamentals >
      • Vulnerability Assessment
    • Cryptography >
      • Cryptographic Techniques for Network Security
    • Security Architecture
    • Operational Policy >
      • Summary of Major US and Industry Rules
      • Data Classification and Security Policy Models
      • Privacy Policy
    • Risk Management
    • Management and Cyber Security
    • Secure Software Design and Development
    • Network Visualization and Vulnerability Detection >
      • SIEM Tools Trade Study
      • Vulnerability Scanning Tools
      • Viewing Network Communications with Wireshark
    • Cyber Threat Intelligence
    • Cyber Incident Response and Computer Forensics
  • Reference Link Library
    • Major Industry Websites
    • Government Resources
    • Cybersecurity News
    • Cyber Security Tools >
      • Tools
    • Certification and Training
    • Books
    • Coursework Final Papers
  • Media Presentation

Operational Policy


A security policy defines what it means to be secure for an organization. It is a set of rules and procedures for all individuals accessing an organizations IT assets and resources. A security policy is the objectives for security and the agreed upon management strategy for securing information. It is a document that states how a company plans to protect the company physical information technology and assets. Development of security policy is essential for an organization's cyber security strategy. The organization needs to define what security is in terms of policies. Having this definition will enable the organization to work toward that goal. The policy helps identify objectives and controls that are needed to reach the organization's goals.

The following pages provide a summary of major US and industry rules and sample policies that were created for a fictitious health insurance company to illustrate possible content of policies.
  • Summary of Major US and Industry Rules
  • Data Classification and Security Policy Models
  • Privacy Policy