Thursday, 26 April 2012

Security Policy

A security policy is a form of documentation that is created to enforce certain rules and regulations and to keep procedures structured. In other words, it is a set of rules that members of an organisation must follow for as long as they belong to the organisation and have access to its assets and properties. An example of a rule in a security policy would be that "individuals must not use the organization's information assets in an unethical manner."

The security policy comprises four important steps: security, monitor, test, and improve.

Security
Before we can do anything, we must make sure that the server is secure. This is important since it prevents the organisation's assets from being stolen or exploited. Some technologies that will help us with security include data encryption and firewall implementations.

Monitor
After securing the network/server, we must monitor it to make sure the security policies are not violated. This way, we ensure that the security policy is being enforced.

Test
To make sure that the network is consistently secure, we must test it to confirm that it is safe from threats. Using techniques like penetration testing and auditing, we can find security loopholes in the network, fix them, and check that the network's protections are in place and that it is safe.

Improve
The security policy must be consistently reviewed and improved, making sure that it is not outdated and is still applicable to the organisation.

Source: http://www.windowsecurity.com/articles/Defining_a_Security_Policy.html
             http://408error.blogspot.com/

1 comment:

  1. Security policy is actually quite similar to the System Development Life Cycle that we learned in BITS, whereby there are testing and improving to keep up with the changing environment. Creating this security policy is very troublesome, so I hope that we won't have to do it for our INKS projects. LOL.

    Oh yeah, you forgot to mention that security policy is not just software and technology only. The employees need to be included also because they also have a chance of leaking out important information.



    (Btw, if you are reading this, I anyhow write one.)
