165:, policies can be decomposed into sub-policies to facilitate the allocation of security mechanisms to enforce sub-policies. However, this practice has pitfalls. It is too easy to simply go directly to the sub-policies, which are essentially the rules of operation and dispense with the top level policy. That gives the false sense that the rules of operation address some overall definition of security when they do not. Because it is so difficult to think clearly with completeness about security, rules of operation stated as "sub-policies" with no "super-policy" usually turn out to be rambling rules that fail to enforce anything with completeness. Consequently, a top-level security policy is essential to any serious security scheme and sub-policies and rules of operation are meaningless without it.
293:
22:
350:
137:, and walls. For systems, the security policy addresses constraints on functions and flow among them, constraints on access by external systems and adversaries including
133:
or other entity. For an organization, it addresses the constraints on behavior of its members as well as constraints imposed on adversaries by mechanisms such as doors,
334:
391:
266:
327:
105:
161:
strategies to assure completeness of security policies and assure that they are completely enforced. In complex systems, such as
420:
39:
320:
86:
43:
58:
384:
65:
190:
32:
425:
72:
377:
180:
54:
153:
If it is important to be secure, then it is important to be sure all of the security policy is enforced by
229:
219:
204:
185:
234:
162:
154:
410:
300:
272:
262:
209:
199:
195:
361:
304:
79:
138:
415:
158:
175:
404:
134:
130:
21:
357:
292:
276:
224:
349:
256:
214:
126:
258:
First
Responders Handbook : An Introduction, Second Edition
142:
15:
157:
that are strong. There are organized methodologies and
365:
308:
46:. Unsourced material may be challenged and removed.
385:
328:
8:
392:
378:
335:
321:
106:Learn how and when to remove this message
247:
7:
346:
344:
289:
287:
121:is a definition of what it means to
44:adding citations to reliable sources
364:. You can help Knowledge (XXG) by
307:. You can help Knowledge (XXG) by
14:
348:
291:
20:
31:needs additional citations for
1:
191:Information security policy
442:
343:
286:
181:Computer security policy
421:Computer security stubs
360:-related article is a
255:Madigan, Michael L.
230:Security engineering
220:Remote Access Policy
205:Photo identification
186:Environmental design
40:improve this article
235:User Account Policy
198:policy, as part of
163:information systems
373:
372:
316:
315:
301:computer security
268:978-1-315-10911-4
210:Physical Security
200:Military strategy
196:National security
116:
115:
108:
90:
55:"Security policy"
433:
426:Management stubs
394:
387:
380:
352:
345:
337:
330:
323:
295:
288:
281:
280:
252:
149:Top-level policy
111:
104:
100:
97:
91:
89:
48:
24:
16:
441:
440:
436:
435:
434:
432:
431:
430:
401:
400:
399:
398:
342:
341:
285:
284:
269:
254:
253:
249:
244:
239:
171:
159:risk assessment
151:
119:Security policy
112:
101:
95:
92:
49:
47:
37:
25:
12:
11:
5:
439:
437:
429:
428:
423:
418:
413:
403:
402:
397:
396:
389:
382:
374:
371:
370:
353:
340:
339:
332:
325:
317:
314:
313:
296:
283:
282:
267:
246:
245:
243:
240:
238:
237:
232:
227:
222:
217:
212:
207:
202:
193:
188:
183:
178:
176:Access control
172:
170:
167:
150:
147:
141:and access to
114:
113:
28:
26:
19:
13:
10:
9:
6:
4:
3:
2:
438:
427:
424:
422:
419:
417:
414:
412:
409:
408:
406:
395:
390:
388:
383:
381:
376:
375:
369:
367:
363:
359:
354:
351:
347:
338:
333:
331:
326:
324:
319:
318:
312:
310:
306:
303:article is a
302:
297:
294:
290:
278:
274:
270:
264:
260:
259:
251:
248:
241:
236:
233:
231:
228:
226:
223:
221:
218:
216:
213:
211:
208:
206:
203:
201:
197:
194:
192:
189:
187:
184:
182:
179:
177:
174:
173:
168:
166:
164:
160:
156:
148:
146:
144:
140:
136:
132:
128:
124:
120:
110:
107:
99:
96:December 2009
88:
85:
81:
78:
74:
71:
67:
64:
60:
57: –
56:
52:
51:Find sources:
45:
41:
35:
34:
29:This article
27:
23:
18:
17:
366:expanding it
355:
309:expanding it
298:
257:
250:
152:
131:organization
122:
118:
117:
102:
93:
83:
76:
69:
62:
50:
38:Please help
33:verification
30:
145:by people.
135:locks, keys
405:Categories
358:management
277:1087042065
242:References
155:mechanisms
66:newspapers
123:be secure
411:Security
225:Security
169:See also
139:programs
80:scholar
416:Policy
275:
265:
215:Policy
127:system
125:for a
82:
75:
68:
61:
53:
356:This
299:This
87:JSTOR
73:books
362:stub
305:stub
273:OCLC
263:ISBN
143:data
59:news
42:by
407::
271:.
261:.
129:,
393:e
386:t
379:v
368:.
336:e
329:t
322:v
311:.
279:.
109:)
103:(
98:)
94:(
84:·
77:·
70:·
63:·
36:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.