Security Policies and its Types | CISSP Certification Exam Prep

Security policies are the foundation basics of a sound and effective implementation of security. Organizations usually implement technical security solutions without first creating this foundation of policies, standards, guidelines, and procedures. Thus, unintentionally creating unfocused and ineffective security controls. To avoid this, security policies are required.

Now the question is what are security policies?

Security policy is an overall general statement produced by senior management, a selected policy board, or committee of an organization that dictates what role security plays within that organization. There are certain factors that security policies should follow, namely:

Very generic, non-technical and easily understood
Provides “missions statement for security”
Should represent business objectives
Developed to integrate security into ALL business functions and processes
Reviewed and modified as company changes
Dated and version controlled
Forward thinking

There are different types of security policies, namely:

Regulatory
Advisory
Informative

Regulatory: Regulatory policy ensures that the organization is following standards set by specific industry regulations. These policies are security policies that an organization must implement due to compliance, regulation, or other legal requirements. These companies can be financial institutions, public utilities, or some other type of organization that operates in the public interest.

Advisory: Advisory policy strongly advises employees on the behaviors and activities which should and should not take place within the organization. These policies are not mandatary but are strongly suggested, perhaps with serious consequences defined. Failure to follow them will result in consequences such as termination, or a job action warning. A company with such policies wants most employees to consider these policies mandatory.

Informative: Informative policies are policies that exist simply to inform the reader. There are no implied or specified requirements, and the audience of this information could be internal i.e. within the organization or external parties.

These are the various types of security policies. To know more, you can explore our training course on Certified Information Systems Security Professional. Simplilearn offers extensive CISSP classroom training from expert tutors.

Name	Date	Place
CISSP Certification Training Course	10 Jun -9 Jul 2023, Weekend batch	Your City	View Details
CISSP Certification Training Course in Atlanta	24 Jun -23 Jul 2023, Weekend batch	Atlanta	View Details
CISSP Certification Training Bootcamp in Washington, DC	8 Jul -13 Aug 2023, Weekend batch	Washington	View Details

Security Policies and its Types: CISSP Certification Exam Prep

Find our CISSP^®- Certified Information Systems Security Professional Online Classroom training classes in top cities:

About the Author

Recommended Programs

Find CISSP^®- Certified Information Systems Security Professional in these cities

How to Get Started With Kubernetes Pod Security Policies (PSPs)

Recommended Resources

Trending now

Top 20 Cybersecurity Trends to Watch Out for in 2023

Learn Ethical Hacking from Scratch: A Comprehensive Guide

Cybersecurity Career Guide: A Comprehensive Playbook to Becoming A Cybersecurity Expert

The Top Eight Kali Linux Tools for 2023

The Career Benefits of Learning Ethical Hacking

What is Ethical Hacking?

Top Ethical Hacking Tools in 2023

What Is COBIT? Understanding the Framework, Components, and Benefits

What Ethical Hacking Skills Do Professionals Need?

What Is Kerberos, How Does It Work, and What Is It Used For?