"The active policy on the client's computer that programmatically generates a granted set of permissions from a set of requested permissions. A security policy consists of several levels that interact; by default only permissions granted by all layers are allowed to be granted." (Damien Watkins et al, "Programming in the .NET Environment", 2002)
"A collection of standards, policies, and procedures created to guarantee the security of a system and ensure auditing and compliance." (Carlos Coronel et al, "Database Systems: Design, Implementation, and Management" 9th Ed, 2011)
"The set of decisions that govern security controls." (Mark Rhodes-Ousley, "Information Security: The Complete Reference" 2nd Ed., 2013)
"In label-based access control, a database object that is associated with one or more tables and that defines how LBAC can be used to protect those tables. The security policy defines what security labels can be used, how the security labels are compared to each other, and whether optional behaviors are used. See also label-based access control, security label." (IBM, "Informix Servers 12.1", 2014)
"A written statement describing the constraints or behavior an organization embraces regarding the information provided by its users" (Nell Dale & John Lewis, "Computer Science Illuminated" 6th Ed., 2015)
"Strategic tool used to dictate how sensitive information and resources are to be managed and protected." (Adam Gordon, "Official (ISC)2 Guide to the CISSP CBK" 4th Ed., 2015)
"Set of rules, guidelines and procedures represented in official security documents that define way in which state will protect its own national security interests." (Olivera Injac & Ramo Šendelj, "National Security Policy and Strategy and Cyber Security Risks", 2016)
"A set of rules and practices that specify or regulate how a system or an organization provides security services to protect sensitive and critical system resources." (William Stallings, "Effective Cybersecurity: A Guide to Using Best Practices and Standards", 2018)
"A statement of the rules governing the access to a system’s protected resources." (O Sami Saydjari, "Engineering Trustworthy Systems: Get Cybersecurity Design Right the First Time", 2018)
"In label-based access control, a database object that is associated with one or more tables and that defines how LBAC can be used to protect those tables. The security policy defines what security labels can be used, how the security labels are compared to each other, and whether optional behaviors are used. See also label-based access control, security label." (Sybase, "Open Server Server-Library/C Reference Manual", 2019)
"A set of criteria for the provision of security services." (CNSSI 4009-2015 NIST)
"A set of methods for protecting a database from accidental or malicious destruction of data or damage to the database infrastructure." (Oracle)
"Security policies define the objectives and constraints for the security program. Policies are created at several levels, ranging from organization or corporate policy to specific operational constraints (e.g., remote access). In general, policies provide answers to the questions 'what' and 'why' without dealing with 'how'. Policies are normally stated in terms that are technology-independent." (NIST SP 800-82 Rev. 2)