176:, policies can be decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce sub-policies. However, this practice has pitfalls. It is too easy to simply go directly to the sub-policies, which are essentially the rules of operation and dispense with the top level policy. That gives the false sense that the rules of operation address some overall definition of security when they do not. Because it is so difficult to think clearly with completeness about security, rules of operation stated as "sub-policies" with no "super-policy" usually turn out to be rambling rules that fail to enforce anything with completeness. Consequently, a top-level security policy is essential to any serious security scheme and sub-policies and rules of operation are meaningless without it.
304:
33:
361:
148:, and walls. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including
144:
or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors,
345:
402:
277:
338:
116:
172:
strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as
431:
50:
331:
97:
54:
69:
395:
76:
201:
43:
436:
83:
388:
191:
65:
164:
If it is important to be secure, then it is important to be sure all of the security policy is enforced by
240:
230:
215:
196:
245:
173:
165:
421:
311:
283:
273:
220:
210:
206:
372:
315:
90:
149:
426:
169:
186:
415:
145:
141:
17:
32:
368:
303:
287:
235:
360:
267:
225:
137:
269:
First
Responders Handbook : An Introduction, Second Edition
153:
26:
168:
that are strong. There are organized methodologies and
376:
319:
57:. Unsourced material may be challenged and removed.
396:
339:
8:
403:
389:
346:
332:
117:Learn how and when to remove this message
258:
7:
357:
355:
300:
298:
132:is a definition of what it means to
55:adding citations to reliable sources
375:. You can help Knowledge (XXG) by
318:. You can help Knowledge (XXG) by
25:
359:
302:
31:
42:needs additional citations for
1:
202:Information security policy
453:
354:
297:
192:Computer security policy
432:Computer security stubs
371:-related article is a
266:Madigan, Michael L.
241:Security engineering
231:Remote Access Policy
216:Photo identification
197:Environmental design
51:improve this article
246:User Account Policy
209:policy, as part of
174:information systems
384:
383:
327:
326:
312:computer security
279:978-1-315-10911-4
221:Physical Security
211:Military strategy
207:National security
127:
126:
119:
101:
66:"Security policy"
18:Security policies
16:(Redirected from
444:
437:Management stubs
405:
398:
391:
363:
356:
348:
341:
334:
306:
299:
292:
291:
263:
160:Top-level policy
122:
115:
111:
108:
102:
100:
59:
35:
27:
21:
452:
451:
447:
446:
445:
443:
442:
441:
412:
411:
410:
409:
353:
352:
296:
295:
280:
265:
264:
260:
255:
250:
182:
170:risk assessment
162:
130:Security policy
123:
112:
106:
103:
60:
58:
48:
36:
23:
22:
15:
12:
11:
5:
450:
448:
440:
439:
434:
429:
424:
414:
413:
408:
407:
400:
393:
385:
382:
381:
364:
351:
350:
343:
336:
328:
325:
324:
307:
294:
293:
278:
257:
256:
254:
251:
249:
248:
243:
238:
233:
228:
223:
218:
213:
204:
199:
194:
189:
187:Access control
183:
181:
178:
161:
158:
152:and access to
125:
124:
39:
37:
30:
24:
14:
13:
10:
9:
6:
4:
3:
2:
449:
438:
435:
433:
430:
428:
425:
423:
420:
419:
417:
406:
401:
399:
394:
392:
387:
386:
380:
378:
374:
370:
365:
362:
358:
349:
344:
342:
337:
335:
330:
329:
323:
321:
317:
314:article is a
313:
308:
305:
301:
289:
285:
281:
275:
271:
270:
262:
259:
252:
247:
244:
242:
239:
237:
234:
232:
229:
227:
224:
222:
219:
217:
214:
212:
208:
205:
203:
200:
198:
195:
193:
190:
188:
185:
184:
179:
177:
175:
171:
167:
159:
157:
155:
151:
147:
143:
139:
135:
131:
121:
118:
110:
107:December 2009
99:
96:
92:
89:
85:
82:
78:
75:
71:
68: –
67:
63:
62:Find sources:
56:
52:
46:
45:
40:This article
38:
34:
29:
28:
19:
377:expanding it
366:
320:expanding it
309:
268:
261:
163:
142:organization
133:
129:
128:
113:
104:
94:
87:
80:
73:
61:
49:Please help
44:verification
41:
156:by people.
146:locks, keys
416:Categories
369:management
288:1087042065
253:References
166:mechanisms
77:newspapers
134:be secure
422:Security
236:Security
180:See also
150:programs
91:scholar
427:Policy
286:
276:
226:Policy
138:system
136:for a
93:
86:
79:
72:
64:
367:This
310:This
98:JSTOR
84:books
373:stub
316:stub
284:OCLC
274:ISBN
154:data
70:news
53:by
418::
282:.
272:.
140:,
404:e
397:t
390:v
379:.
347:e
340:t
333:v
322:.
290:.
120:)
114:(
109:)
105:(
95:·
88:·
81:·
74:·
47:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.