The growth of the Internet has been accompanied by a proliferation of e-services. The increasing attacks on these services by malicious individuals have highlighted the need for security. The security requirements of an e-service may be specified by the service provider in a security policy. However, a service consumer may have security preferences that are not reflected in this policy. In order for service providers to reach a wider market, a way of personalizing a security policy to a particular consumer is needed. We introduce the concept of security personalization, derive the content of an eservice security policy suitable for personalization, and describe four approaches for such personalization, including the design and use of a context-aware security policy agent (CASPA) that personalizes an eservice security policy to the needs of the consumer onthe- fly. We further give recommendations on applying the personalization approaches based on their advantages and disadvantages.