--- title: "Defining Your Organization's Risk Tolerance" slug: "defining-security-policy" updated: 2023-03-29T10:33:01Z published: 2023-03-29T10:33:02Z --- > ## Documentation Index > Fetch the complete documentation index at: https://trusted.jamf.com/llms.txt > Use this file to discover all available pages before exploring further. # Defining Security Policy Defining a security policy for your organization is a foundational configuration step to deploy Trusted Access. A security policy defines the types of threats your organization considers risky, and defines a risk level for each. ## Jamf Protect for Mobile Devices To configure Jamf Protect for Mobile Devices, you use RADAR's [Security Policy Configuration](https://docs.jamf.com/jamf-security/radar/documentation/Security_Policy_Configuration.html) to enable or disable categories of threats, and further define the risk-level (None/Low/Med/High) that a given threat within each category represents. As threats within these categories are detected, the risk for the devices upon which the threats were detected are updated auomatically. These device risk levels directly drive [network risk-based access policies](/v1/docs/risk-based-access-controls), which determine the apps and data a given device is permitted to access with a given risk level. When [Jamf Pro is integrated with the Jamf Security Cloud](https://docs.jamf.com/jamf-security/radar/documentation/UEM_JamfPro_Establishing_UEM_Connectivity.html), each device's [risk score (Secure/Low/Medium/High) is sent to Jamf Pro](https://docs.jamf.com/jamf-security/radar/documentation/UEM_Connect_Settings.html#reference-9646) in the form of an extension attribute, enabling automatic MDM-level threat response via dynamic smart group assignment logic. ## macOS Security Portal In the macOS Security Portal, you can monitor [Insights](https://docs.jamf.com/jamf-protect/documentation/Insights.html) that are able to reveal your endpoints compliance baselines. Any devices that are out of compliance can be corrected by using appropraite Jamf Pro configuration profiles. [Analytics](https://docs.jamf.com/jamf-protect/documentation/Analytics.html) are used to monitor for specific behavior on macOS endpoints that may indicate the presence of malware or an active attack. There are numerous [built-in](https://docs.jamf.com/jamf-protect/evaluation-guide/Built-in_Analytics.html) analytics and you can define your own [custom](https://docs.jamf.com/jamf-protect/evaluation-guide/Custom_Analytics.html) analytics as well. Based upon your organization's security sensitivity, you'll want to tune all or select analytic's [severity](https://docs.jamf.com/jamf-protect/documentation/Analytics.html#concept-7877) setting to help drive the appropraite threat response if the analytic is triggered.