The security policy consists of defining the rules that must be followed by all if the organization is to reach the level of security of the information defined in the security strategy.