Operational Policy
A security policy defines what it means to be secure for an organization. It is a set of rules and procedures for all individuals accessing an organizations IT assets and resources. A security policy is the objectives for security and the agreed upon management strategy for securing information. It is a document that states how a company plans to protect the company physical information technology and assets. Development of security policy is essential for an organization's cyber security strategy. The organization needs to define what security is in terms of policies. Having this definition will enable the organization to work toward that goal. The policy helps identify objectives and controls that are needed to reach the organization's goals.
The following pages provide a summary of major US and industry rules and sample policies that were created for a fictitious health insurance company to illustrate possible content of policies.
The following pages provide a summary of major US and industry rules and sample policies that were created for a fictitious health insurance company to illustrate possible content of policies.