The IT Law Wiki
Don't have an account?
Register
Advertisement
Register
in: Definition, Computing, Policy, Security

Computer security policy

Revision as of 04:06, 12 May 2017 by Mdscott (talk | contribs) (Adding categories)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Edit

Definition[]

A computer security policy refers to

[s]enior management's directives that create a computer security program, establish its goals, and assign responsibilities. The term 'policy' is also used to refer to the specific security rules for particular systems. Policy may also refer to entirely different matters, such as the specific managerial decisions setting an organization's e-mail privacy policy or fax security policy.[1]
[t]he high-level policy for the security services that are to be supported by a computer for protecting its applications, stored data, and communications, and the rules to be followed in verifying user identities and authorizing their requests before they are granted.[2]

References[]

  1. DM3595-001, at 6.
  2. NIST Special Publication 800-152, at 127.
Community content is available under CC-BY-SA unless otherwise noted.
Advertisement