Computer-based systems and methods are disclosed for a comprehensive security model for managing foreign content downloaded from a computer network. The methods and systems include the configuration of a system security policy that is stored on a host computer. The system security policy includes one or more independently configurable security zones. Each security zone corresponds to a group of network locations and may have one or more associated configurable protected operations that control the access to the host system by foreign content downloaded from the computer network. A protected operations may have one or more associated configurable permissions that define the capabilities of the protected operation. Each permission may be defined by one or more parameters and each parameter may be defined by one or more primitives. The permissions may be defined to enable the permission, disable the permission, or prompt the user when the permission is required. The permission may also be configured to the “fine grained” level of the primitives. Default permission levels that provide predefined parameter and primitive entries that are grouped as high security, medium security, and low security may be selected by the user at most levels of the configuration.