Security policies define how an organization protects its information. They guide behavior, define rules, and ensure compliance with laws and standards.
Example:
A policy may require strong passwords, MFA, and regular software updates for all employees.