Friday, 27 April 2012

Security policy

A security policy is a set of rules that people who are given access to the organization's technology and information must follow so that its assets retain confidentiality, integrity and availability.
A security policy is created to establish a baseline of the organization's security posture, set the framework for the security implementation, set a behavioral code, determine the procedures and tools, define roles and communicate consensus, and handle security incidents.
There are two types of elements in a security policy. The first is the network design factors upon which security policies are based. The second is the basic Internet threat vectors that security policies are written to mitigate.
Network security is the continuous process of a security policy, and it is carried out in four steps.
Firstly, secure: security solutions are implemented to prevent unauthorized persons from accessing the assets. Authentication, encryption, firewalls and vulnerability patching are some of these security solutions.
Secondly, monitor: system auditing and real-time intrusion detection are used so that violations of the security policy are detected. This step validates the security implementation of the 'secure' step.
Thirdly, test: this step shows the effectiveness of the policy.
Last but not least, improve: the information gathered from the 'test' and 'monitor' steps is used to make improvements to the security implemented.

1 comment:

  1. HELLO,
    Through this post, I learnt more about the continuous process of security policy, which is network security, as this post goes more in depth on network security, unlike mine, which only touches on the surface of network security. I learnt more about the 4 stages of network security and how these stages can affect the security policy, by improvising the security policy to make the network as safe and secure as possible.
    The first step, which is secure, can be used by different methods as mentioned above. I think those solutions can also be implemented to prevent some network threats, such as hackers, etc.

    xoxo,
    JENNY ♥ 1104495E
