Procedural security deals with the establishment and enforcement of security procedures. Some of these procedures may be independent of the type or types of computers involved. Others may not. For example, perimeter security
controls are usually similar for all type of systems. But desktop computers
may require forms of antitheft protection not required by mainframes.
Procedural security regulates the performance of duties associated with
system operation and use, and with the physical storage of system
information. Common security practices include partitioning computer
operating duties, using several operators, and storing backup tapes at bonded,
offsite depositories. Procedural security also encompasses and may regulate
company policies that deal with information security, such as policies that
regulate the way individuals manage their own passwords.