If previously we have learned about defense in depth, then we will know that the outer shell of layers of security is a security policy (security policy). Aside from that, you may also need to try the recommended two factor authentication for improving personal password security 2 factor authentication.
Then what is security policy?
Security policy is well-documented planning, process, standard, and instructions needed to meet the information security of an organization.
Advantages of security policy:
1. Improve data and network security
2. Risk mitigation
3. Monitored and regulated the device used and data transfer
4. Better network performance
5. Quick response to problems and lower downtime
6. Reducing stress at the management level
7. Reducing costs
A good security policy has the following features:
1. Concise and clear: A security policy must be concise and clear. When they are needed they will be easy to apply to the existing infrastructure. Policies that are complicated or difficult to understand will not be implemented by employees.
2. Applicable and useful: Policies must be written and designed as possible so they can be applied in various sections and organizations. Good policies will be easy to set up and implement.
3. Economically feasible: Organizations must implement economic policies and still be able to maintain the security of the organization.
4. Understandable: Policies must be easy to understand and follow
5. Realistic: Policies must be based on practicality and reality, using fictional matters on policies even disrupts the organization itself.
6. Consistent: Organizations must have consistency when implementing their policies.
7. Can be procedurally suspended: When implementing policies they must be friendly to employees.
8. Comply with laws and regulations: Every policy implemented must comply with all existing laws, rules, and regulations.
Examples of making Security Policies:
Bring Your Own Device (BYOD) Policy
BYOD is terminology that an organization uses to motivate employees to bring their own devices, as is difficult for organizations to keep up with increasingly sophisticated and increasingly dangerous technological developments.