Basic guidelines and rules defining security for an organization or system. For systems, the security policy defines and codifies who has access and who does not have access to information, how to deal with viruses, external attacks on the system, and so on.