What Is a Security Policy? - Definition, Examples & Framework

An error occurred trying to load this video.

Try refreshing the page, or contact customer support.

Coming up next: What is a Domain Controller? - Definition & Function

You're on a roll. Keep up the good work!

Take Quiz Watch Next Lesson
Your next lesson will play in 10 seconds
  • 0:03 What Is a Security Policy?
  • 1:27 Protecting the Employees
  • 2:24 Protecting the Assets
  • 3:12 Protecting the Data
  • 3:55 Creating an Effective Policy
  • 4:26 Lesson Summary
Save Save Save

Want to watch this again later?

Log in or sign up to add this lesson to a Custom Course.

Log in or Sign up

Speed Speed Audio mode
Lesson Transcript
Instructor: Edward Kipp
In the IT world, we protect an organization by having a strong, well-defined security policy. In this lesson, we'll examine how to create an effective policy that protects assets, employees, and data.

What Is a Security Policy?

Without guidelines, where would society be? We've seen films and video games that depict a post-apocalyptic world where there are no rules. Rules and laws are necessary to keep the peace and protect the public, or else anarchy will reign. In business, policies are needed to keep a business productive and to protect its resources. A strong IT security policy can protect both the employees and the bottom line.

An organization needs to have a security policy that is defined, appropriate and flexible, and a living document that can adapt to the ever-evolving technology. This security policy covers how employees can use the company's technology and how an IT department works with employees to leverage and secure that technology. Best practice for IT security is a defense in depth strategy, which involves multiple layers of protection ranging from antivirus software and password protections to physical locks and hardware and software firewalls. Defense in depth is also called the castle approach because a castle similarly will have multiple layers of protections (a moat, portcullis, catapults, and so on). The security policy needs to take into account several aspects of the organization; it must protect the employees, the assets (hardware and software), and the company's data.

Protecting the Employees

The employees require both physical and virtual protection: they need to know evacuation plans in case of a fire or environmental disaster, but they also should have basic IT protections as well. Each employee that uses a computer should have an individual user account to ensure accountability, with a password policy that is clearly defined and followed by the employee. An acceptable use policy (including user acknowledgment that they understand the policy) protects the user and the organization by defining what a user can and cannot do with computer equipment to reduce the threat of a breach. Mobile device guidelines should be implemented in the event of loss or theft, ranging from encryption to remote management. Some remote management applications can activate the camera and GPS on the device, stealthily take a photo of the surroundings, and send the information back to an administrator to be forwarded to management and law enforcement.

To unlock this lesson you must be a Member.
Create your account

Register to view this lesson

Are you a student or a teacher?

Unlock Your Education

See for yourself why 30 million people use

Become a member and start learning now.
Become a Member  Back
What teachers are saying about
Try it risk-free for 30 days

Earning College Credit

Did you know… We have over 200 college courses that prepare you to earn credit by exam that is accepted by over 1,500 colleges and universities. You can test out of the first two years of college and save thousands off your degree. Anyone can earn credit-by-exam regardless of age or education level.

To learn more, visit our Earning Credit Page

Transferring credit to the school of your choice

Not sure what college you want to attend yet? has thousands of articles about every imaginable degree, area of study and career path that can help you find the school that's right for you.

Create an account to start this course today
Try it risk-free for 30 days!
Create an account