Code360 powered by Coding Ninjas X Naukri.com. Code360 powered by Coding Ninjas X Naukri.com
Table of contents
1.
Introduction
2.
Security Policy
2.1.
Need of Security Policy
2.2.
Types of Security Policy
2.3.
Recommended Cyber Security Policies
3.
FAQs
4.
Key Takeaways
Last Updated: Mar 27, 2024
Easy

Security Policy

Author Pakhi Garg
1 upvote

Introduction

Today’s world is the Internet era. The Internet has helped organisations to grow strongly and rapidly. With this rapid growth, one primary concern is also penetrating: cyber security.

Cybersecurity refers to the process of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. 

This article will discuss cyber security policies in detail.


Source: Meme Generator

Security Policy

Consider an institute or organisation having a management committee whose primary job is to establish and maintain the security policy. This security policy will contain the security measures of that organisation.

Thus, security policies can be defined as a formal set of rules issued by an organisation to ensure that the users who have access to the organisation’s technology and information follow the prescribed rules and guidelines related to the information security of that organisation.

It is usually a written document containing how to protect the organisation from threats and deal with them if they arise.

A security policy is also known as a living document since it gets updated from time to time and is never said to be completed.

Next, we will see the need for a security policy.

Need of Security Policy

Source: Meme Generator

A security policy is needed in an organisation since,

  • It controls the security risk.
    If there is no security in an organisation, the primary threat that it can face is a security risk. If this happens, the resources of the organisation will be in danger. Resources involve the data of the organisation. If some error comes in the data or gets corrupted, it can pose a severe threat to the organisation. Other security resources are system, hardware, software, and memory.  
     
  • It identifies theft.
    If there is a theft of an organisation's security policy, there are some defined ways in the security policy to resolve this issue.
     
  • It detects system fraud.
    Suppose an employee of your organisation uses your organisation’s system to do other work besides the assigned work. Or some other employee is doing some work which may cause a loss to the organisation. So, in this case, a security policy is necessary to keep track of the employee’s activities.
     
  • It increases efficiency.
    A security policy in an organisation tells its employees their duties and the dos and don'ts in the organisation. Therefore, a security policy helps increase the consistency level of an organisation and saves its time, money, and resources. 
     
  • It promotes accountability and discipline.
    When someone makes a mistake that compromises the system’s security, the organisation's security policy supports any disciplinary action taken and any legal action taken. Organisation policies serve as a contract that demonstrates that a company has taken steps to safeguard its intellectual property, consumers and clients.
     
  • It generates a sense of responsibility.
    Having a written document as a security policy generally generates a sense of responsibility among the organisation's employees. The people feel responsible and protect the organisation’s sensitive data by using strong passwords and managing secure file transfers and data storage.

So, the above needs are sufficient to use a security policy in an organisation. 

Now, we will discuss the types of security policies.

Types of Security Policy

There are three types of security policies- 

  1. Regulatory
  2. Advisory
  3. User policies

Now, we will discuss them one by one.

  1. Regulatory
    Regulatory security policy contains the standard set of rules which apply to all the organisations of a type. These organisations can be financial institutions, public utilities, or any other public-interest groupFor example, all the hospital organisations will follow a particular set of rules that apply to all Indian hospitals. The government sets these rules.
     
  2. Advisory
    Advisory security policy contains the rules declared by a particular organisation for its employees. It generally tells the dos and don’ts in the company. These policies are not obligatory but strongly recommended, with significant consequences. You'll face the consequences like termination or a job action warning if you don't follow them. Most employees in a company with such policies should consider them mandatory.
     
  3. User Policies
    User policies are the security policy meant for the user. These are employed for reducing the chances of threats by changing passwords frequently and using an organisation’s system only for necessary work.

During the installation, the majority of security policies are produced automatically. We can also tailor policies to our unique circumstances. Now, we will discuss some recommended cyber security policies.

Recommended Cyber Security Policies

Source: SecureWorld

Below are some critical recommended cyber security policies discussed.

  • Virus and Spyware protection
    The following are the safeguards provided by this policy:
    1. Using signatures, this protection detects, eliminates, and restores the effects of viruses, spyware, riskware and malware.
    2. It assists in detecting risks in files that users attempt to download by using the reputation data from Download Insight.
    3. It uses SONAR heuristics and reputation data to recognise applications that display questionable behaviour. 
       
  • Firewall policy
    The following are the safeguards provided by this policy:
    1. It prevents unauthorised users from gaining access to Internet-connected systems and networks.
    2. It identifies cyber-attacks.
    3. It eliminates network traffic sources that are not required. 
       
  • Intrusion Prevention policy
    The following are the safeguards provided by this policy:
    1. It detects and stops network and browser attacks automatically. 
    2. It also safeguards apps against security flaws. 
    3. It examines the contents of one or more data packages and looks for malware entered through legal channels. 
       
  • LiveUpdate policy
    There are two sorts of policies in this category- LiveUpdate Content Policy and LiveUpdate Setting Policy. 
    1. The LiveUpdate policy comprises the settings that control when and how client computers download content updates from LiveUpdate. 
    2. We can specify the computer that clients use to check for updates and the time and frequency with which they do so. 
       
  • Application and Device Control
    The following are the safeguards provided by this policy:
    1. It protects a system's resources from applications and governs the peripheral devices that can connect to it. 
    2. The Application Control policies can only be used on Windows clients. The device control policies can be used on both Windows and Mac computers.
       
  • Exceptions policy
    The following are the safeguards provided by this policy:
    1. It allows us to exclude specific programmes and processes from detecting viruses and spyware scans. 
       
  • Host Integrity policy
    The following are the safeguards provided by this policy:
    1. To keep company networks and data secure, we can design, enforce, and restore client computer security. 
    2. It verifies that our clients' computers who connect to our network are secure and in compliance with the company's security regulations.
    3. It necessitates the installation of antivirus software on the client system. 

Also read - active and passive attacks

FAQs

  1. Define cyber security.
    Cyber security refers to the process of protecting internet-connected systems such as computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks.
     
  2. Define a security policy.
    Security policies can be defined as a formal set of rules issued by an organisation to ensure that the users who have access to the organisation’s technology and information follow the prescribed rules and guidelines related to the information security of that organisation.
     
  3. Why do we need a security policy?
    We need a security policy because security policy controls the security risk, identifies theft, detects system fraud, increases efficiency in an organisation, promotes accountability and discipline and generates a sense of responsibility among employees.
     
  4. What are the different types of security policies?
    There are three types of security policies- 
    • Regulatory
    • Advisory
    • User policies
       
  5. What is the difference between regulatory and advisory security policy?
    Regulatory security policy contains the standard set of rules which apply to all the organisations of a type. These organisations can be financial institutions, public utilities, or any other public-interest group. Whereas, Advisory security policy contains the rules declared by a particular organisation for its employees. It generally tells the dos and don’ts in the company. These policies are not obligatory but strongly recommended, with significant consequences.

Key Takeaways

In this article, we have studied security policies. We went through the concept thoroughly, discussing the need and types of security policies. We ended our discussion with some recommended cyber security policies.

We hope that this blog has helped you enhance your knowledge regarding security policies and if you would like to learn more, check out our articles on Types of Cyber Attackers and Cyber Attacks and their Types. Do upvote our blog to help other ninjas grow. 

Happy Learning!

Live masterclass