Security Policies and Procedures

Cyber Security Mastery: From Zero to Hero

The Importance of Governance

Technology alone cannot solve security problems; clear, documented rules are essential. Security Governance involves the structure, processes, and standards established to ensure the organization meets its security objectives.

Key Definitions

  1. Security Policy: High-level document outlining the organization's overall stance on security (e.g., 'All employees must use strong passwords').
  2. Standard: Mandatory rules on specific technologies or configurations (e.g., 'All workstations must use AES-256 encryption').
  3. Procedure: Detailed, step-by-step instructions for performing a specific task (e.g., 'Steps for onboarding a new employee and granting system access').
  4. Guideline: Recommendations or best practices that are optional but helpful.

Acceptable Use Policy (AUP)

The AUP is a critical policy that defines how employees may use the organization's computing resources (internet, email, software). It minimizes misuse and helps mitigate insider threats.