Artifact: Security Policy

Domains: Security Management Work Products

Relationships

Roles

Responsible:

Modified By:

Security Analyst
Security Manager

Tasks

Input To:

Analyze Findings
Assemble and Communicate Security Policy
Assess Business Policies and Plans
Assess New Technology
Assess Regulations and Standards
Define Security Infrastructure
Define Security Plan Procedures
Define Security Plan Schedule
Determine Impact
Evaluate Candidate Suppliers
Identify Security Policy Requirements on Asset Security
Review IT Direction
Review Risk Context
Specify Process Purpose, Scope, Goals, and Capabilities

Develop Security Recommendations
Review Facility Planning Inputs and Define Facility Plans and Specifications

Output From:

Analyze Findings
Assemble and Communicate Security Policy
Assess Business Policies and Plans
Assess New Technology
Assess Regulations and Standards
Define Overall Security Objectives

Description

Main Description

The statement of the types and levels of security over information technology resources and capabilities which must be established and operated in order for those items to be considered as 'secure'. It provides management direction into the allowable behaviors of the actors working with the resources and exercising the capabilities. It defines the scope of management and specifies the requirements for the security controls.