Set of
security programs that make it possible to carry out the risk-management
decisions. [Magerit:2012]
Formal document
that provides an overview of the security requirements for the information
system and describes the security controls in place or planned for meeting
those requirements. [FIPS-200:2006] [NIST-SP800-53:2013]
The Information
Security plan complements the IT Plan in so far as it documents, budgets and
resources the upgrades to both hardware, software, training and procedures, in
relation to Information Security.
http://www.passwordnow.com/en/glossary/information-security-plan.html
Provides a
baseline of a system's security. A comprehensive system security plan describes
the security controls that are in use, or planned to be used, to protect all
aspects of the system. Security plans are supported by security policy and can
be essential tools that identify weaknesses in the system and document what
controls will be added to combat the weaknesses.
http://www.utexas.edu/its/policies/glossary.html
An information
security plan is a document that guides the activities of an organisation
towards a more secure environment. It summarises the decisions on what security
barriers, security policies and training an organisation needs to implement. The
plan is based on the unique needs and strategies of the organisation.
http://www.itrainonline.org/itrainonline/mmtk/
Related topics