Editing Network security policy (section)

{{More references|date=April 2010}}A '''network security policy''' ('''NSP''') is a generic document that outlines rules for [[computer network]] access, determines how policies are enforced and lays out some of the basic architecture of the company [[security]]/ [[network security]] environment.<ref>{{Cite web|title=Network security policy {{!}} Semantic Scholar|url=https://www.semanticscholar.org/topic/Network-security-policy/321849|access-date=2020-12-13|website=www.semanticscholar.org|language=en}}</ref> The document itself is usually several pages long and written by a [[committee]]. 

A [[security policy]] is a complex document, meant to govern data access, [[World Wide Web|web]]-[[web browser|browsing]] habits, use of [[password]]s, [[encryption]], [[Electronic mail|email]] attachments and more. It specifies these rules for individuals or groups of individuals throughout the company.<ref>{{Cite web|title=Network Security Policy {{!}} Villanova University|url=https://www1.villanova.edu/villanova/unit/policies/AcceptableUse/security.html|access-date=2020-12-13|website=www1.villanova.edu}}</ref> The policies could be expressed as a set of instructions that understood by special purpose [[network hardware]] dedicated for securing the network.

Security policy should keep the [[Malicious user|malicious users]] out, and also exert control over potential risky users within an organization. 

Understanding what information and services are available and to which users, as well as what the potential is for damage and whether any protection is already in place to prevent misuse are important when writing a network security policy.  In addition, the security policy should dictate a hierarchy of access permissions, granting users access only to what is necessary for the completion of their work. The [[National Institute of Standards and Technology]] provides an example security-policy guideline.