Re discussion statement in: Creating a Security Policy

the_bro

In the above section, it states:
Policies should be generic and not hard to grasp as that makes them easier to follow. They must safeguard the data that needs protection, deny access to required services...

Why would I implement a policy whereby access to required services on my system(s) is denied?

coop

To those who should not be permitted access.