Definition of security policy

An action plan that a public or private organisation establishes in order to reduce security risks. This plan usually includes specific plans such as a defence policy, as well as other indirect policies, purchasing policies and personnel selection, and it also establishes control measures for the security of the organisation.

An organisation’s security policy is a living document and should be adapted to new threats to the company as they arise. Likewise, it should possess sufficiently strong mechanisms which protect it from threats as they present themselves.[1]


An example of a security policy from history

During the Middle Ages, the Republic of Venice established a system of protection for its principal industrial property: the fabrication of Venetian glass. This system involved a series of actions designed to protect the work techniques, the components, the sales and the workforce. The measures taken included the fragmentation of formulas between different people and the isolation of fabrication on the island of Murano.[2]


Security policy in the news

An analysis of security issues published in the FT in April 2012 said that security issues have moved into the business mainstream because of the increased damage being caused by security attackers. The analysis followed a breach of security at Global Payments, a processor of credit and debit card transactions involving brands such as Visa and Mastercard, which put 1.5m card numbers in North America at risk of being stolen.