Security Policy

Security Policies are important in companies as it is the scale of how secure the system should be for a system, organization or other entity.In organizations,it determines/shows the authority constraints of the members,it also applies to physical security devices,for example doors,locks and keys.

If there is truly a need for the security,it is fairly obvious that the security policies should be implemented and followed properly.In more complicated systems,these policies are also usually broken down to smaller and simplified sub-policies.Although having sub-policies is not the perfect choice,as it gives others a false sense that it is mentioning about the overall definition of security when it does not.Also,in cases where sub-policies are implemented with no super-policy usually ends up as a useless rule where it is incapable of enforcing anything.

Similarly,top level security policies are needed when there are confidential schemes being carried out,else it would totally meaningless without them.Security Policies are also known to be "living documents" which means that the policy is never completed,and it will keep on changing the contents as the environment changes,for example,the improvement in IT technology,changing of employees,equipment and even at times,their trade secrets.

For example in business industries,security policies are implement to states how the company decides to protect their physical and IT assets.And as the time changes,the main focus of the company will change the employees over the years,improving the technologies used within the company and also they might be changing their method of business approach as their target market changes.

References: http://en.wikipedia.org/wiki/Security_policy
http://searchsecurity.techtarget.com/definition/security-policy