A set of security modules, such as the rules for constructing passwords or the ownership of a system’s start-up procedures. Policies establish which users can access certain information, and point to the standards and guidelines that describe the necessary security checks.
A combination of all the security rules and settings that have been applied to a specific group to protect an enterprise’s computing integrity. Security policies can include rules concerning the permitted applications, connection type, VPN, Ethernet, wireless, and any other restrictions or specifications that an organization wants to enforce. See also OS Protection, firewall rule, Host Integrity policy.
A company's formal declaration of its security goals and how it will meet those goals. At its most fundamental level, a security policy is an organization of controls that is designed to reduce risk, demonstrate fiduciary responsibility, and satisfy regulatory codes.