A security policy is the essential foundation on which a valuable and complete security program can be developed. This significant component of the overall security architecture is usually ignored. A security policy is the most important way in which management’s decision for security is converted into specific, measurable, and testable goals and objectives. To build an effective security architecture, it is essential to take a top-down approach based on a well-stated policy: define the policy first, and then the roles and responsibilities needed to enact it properly. If, on the other hand, no security policy guides the decision makers, decisions will be made on an ad hoc basis by the individuals developing, installing, and maintaining computer systems, and the result will be a disparate and less than optimal security architecture (Weise & Martin, 2001). The structure of this report is as follows: the next section describes the components necessary for developing and defining the policy, and then a policy is developed to govern the transaction management system of an organization.
It characterizes the challenge or issue that management is dealing with. It might include regulatory restrictions, the security of highly significant data, or the appropriate use of certain technologies. Sometimes it may be necessary to define terms. It is also vital that everyone involved in the policy understands its content. Moreover, the conditions under which the policy is applicable must also be stated (Olzak, 2010; Patrick, 2001).
Objectives are usually specified within the scope definition and may include actions and configurations that are forbidden or restricted. In addition, these are also normally defined outside a policy; conditions and organizational practices may necessitate placing certain standards and