Rules implement policy

• Tight security policy:

  • simple rules
  • many requests/responses referred to security officer
  • much information output denied by security officer
  • low risk
  • poor business relationships

• Liberal but careful security policy

  • complex rules
  • few requests/responses referred to security officer
  • of remainder, much information output denied by security officer
  • low risk
  • good business relationships

• Sloppy security policy

  • simple rules
  • few requests/responses referred to security officer
  • little information output denied by security officer
  • high risk
  • unpredictable business relationships

Previous slide

Next slide

Back to first slide

View graphic version