A security policy is a document which defines the plans to protect all type of assets, both physical and virtual. The following areas must be addressed:
- Risk assessment policy
- Password policy
- Email policy
- Internet policy
- Disaster recovery
- Intrusion detection
Any violation of these policies should be monitored and prioritized for analysis and response. These can be used for the early detection of any security breach. Any organizations that seek to attain a high level of security maturity should review and adjust their endpoint security policies from time to time.