Security Policy Management
Skill Purpose: Define, enforce, and maintain security policies for access control, data handling, and compliance.
Core Skill Pattern
Objective: Keep security policies current, actionable, and enforceable.
Universal Pattern:
- Define policies for access, data, and secrets
- Map policies to technical controls
- Establish review and approval workflow
- Track exceptions and expirations
- Audit compliance regularly
Key Decisions (Project-Specific):
- Policy ownership and review cadence
- Required evidence and audit trail
- Compliance frameworks in scope
- Exception handling rules
Project-Specific Implementation Notes
Customize per project:
- Align with company risk tolerance
- Ensure policies match real system capabilities
- Maintain an exception register
Example Policy Areas
- Password and MFA requirements
- Data classification and retention
- Secrets management and rotation
- Dependency update SLAs
- Incident response escalation
Best Practices
- Keep policies short and enforceable
- Automate compliance checks where possible
- Review policies at least quarterly
- Document exceptions with expiry dates
- Tie policies to measurable controls
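As an added example (not part of the original skill page), a small Python audit that automates the checks this list describes: every policy must map to at least one technical control, and every exception in the register must name an approver and carry an expiry date that has not passed. The policy IDs, control names and register entries are constructed sample data, not taken from any real project.

```python
from datetime import date

# Constructed sample data: policies mapped to technical controls.
POLICIES = {
    "PWD-01": {"title": "MFA required for interactive logins", "controls": ["sso-mfa-enforced"]},
    "SEC-02": {"title": "Secrets rotated at least every 90 days", "controls": ["vault-rotation-job"]},
    "DEP-03": {"title": "Critical dependency updates within 7 days", "controls": []},
}

# Constructed exception register; each entry should have an owner,
# an approver and an expiry date.
EXCEPTIONS = [
    {"id": "EXC-1", "policy": "PWD-01", "owner": "platform", "approved_by": "ciso", "expires": "2025-03-31"},
    {"id": "EXC-2", "policy": "SEC-02", "owner": "data", "approved_by": None, "expires": "2025-06-20"},
    {"id": "EXC-3", "policy": "NET-99", "owner": "ops", "approved_by": "ciso", "expires": None},
]

def audit(policies, exceptions, today=None, warn_days=30):
    """Return (severity, finding) tuples for unmapped policies and
    unmanaged exceptions. `today` may be a date or an ISO string."""
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    for pid, pol in policies.items():
        if not pol["controls"]:
            findings.append(("HIGH", f"{pid}: policy has no mapped technical control"))
    for exc in exceptions:
        eid = exc["id"]
        if exc["policy"] not in policies:
            findings.append(("HIGH", f"{eid}: references unknown policy {exc['policy']}"))
        if not exc.get("approved_by"):
            findings.append(("HIGH", f"{eid}: exception lacks an approver"))
        if not exc.get("expires"):
            findings.append(("HIGH", f"{eid}: exception has no expiry date"))
        else:
            expires = date.fromisoformat(exc["expires"])
            if expires < today:
                findings.append(("HIGH", f"{eid}: exception expired on {exc['expires']}"))
            elif (expires - today).days <= warn_days:
                findings.append(("WARN", f"{eid}: exception expires within {warn_days} days"))
    return findings

if __name__ == "__main__":
    for severity, message in audit(POLICIES, EXCEPTIONS):
        print(severity, message)
```

Run against the sample register on 2025-06-01 it reports five HIGH findings and one WARN; a register with every exception approved, dated and unexpired, and every policy mapped to a control, reports nothing.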
Stop Conditions
STOP and escalate if:
- Policies conflict with system design
- Compliance requirements are unclear
- Exceptions are unmanaged
Skill Version: 1.0.0