Security Policy
A security policy is a high-level document that outlines an organization's rules and procedures for protecting its information and technology assets. It defines the goals and acceptable behaviors to maintain a secure environment.

TECHNICAL DEFINITION
A security policy is a foundational governance document that establishes an organization's security posture by defining rules, controls, and procedures for protecting information assets and IT infrastructure. It underpins risk management, compliance frameworks (like NIST, ISO 27001), and access control strategies to ensure the confidentiality, integrity, and availability (CIA) of data.
BACKGROUND
Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.
SYNONYMS & ALIASES
- Information Security Policy
- IT Security Policy
- Cybersecurity Policy
- Security Framework
- Corporate Security Policy
- Security Doctrine
USAGE NOTE
The policy sets the 'what' and 'why' of security, while standards, procedures, and guidelines detail the 'how' of its implementation.
DEVELOPERS
Organizations developing technology related to Security Policy.
Develops next-generation firewalls and cloud security platforms (like Prisma Cloud) where granular security policies are fundamental for controlling network traffic, application access, and threat prevention.
Specializes in Security Policy Orchestration technology. Their platform enables enterprises to automate the management, analysis, and auditing of security policies across firewalls and hybrid cloud environments.
Provides a wide range of security products, including the Identity Services Engine (ISE) and firewalls, which use security policies to enforce network access control, segmentation, and threat defense based on user, device, and context.
A leading provider of security policy management solutions. Their technology automates the process of discovering, analyzing, and managing security policies across on-premises, cloud, and hybrid networks.
A cloud security company whose Zero Trust Exchange platform enforces granular, user- and application-centric security policies to provide secure access to applications and the internet, regardless of user location.
Develops the Fortinet Security Fabric, where security policies are a core component of their FortiGate firewalls and other products to control network traffic, filter web content, and prevent intrusions.
Develops numerous technologies for policy enforcement, including Microsoft Entra ID Conditional Access Policies for identity and access, and Azure Policy for governing cloud resource configurations and compliance.
An identity and access management (IAM) company that provides a platform for enforcing security policies related to user authentication and authorization, including multi-factor authentication and adaptive access controls.