Security policy is the statement about security to be enforced. Any operating system must have sound security policy to build confidence to be trusted. Different security policies include:
- Military Security Policy: Here each piece of information is ranked, much like in military, with sensitivity level viz unclassified, restricted, confidential, secret, or top secret. These ranks or levels form a hierarchy like in military and reflect an increasing order of sensitivity.
- Commercial Security Policies: This policy it not as stringent as military security policy and based on the fear of an industrialist its information about the new product is not revealed to the competitors and hence the steps it takes. Here though the hierarchy is not that rigid still the work in an organization in accomplished by dividing them into groups or departments. Each department is responsible for a number of disjoint projects. E.g. Finance department looks after accounts and HR department looks after personnel requirements. Data items at any level may have different degrees of sensitivity, such as public, proprietary, or internal. No universal hierarchy approach exists as requirements vary from organization to organization.