Ver:
· Política
Conjunto de
directrices plasmadas en documento escrito, que rigen la forma en que una
organización gestiona y protege la información y los servicios que considera críticos.
[ENS:2010]
Conjunto de
leyes, reglamentos y prácticas que regulan el modo en una organización
administra, protege y distribuye información confidencial.
http://es.pcisecuritystandards.org
Son las
decisiones o medidas de seguridad que una empresa a decidido tomar respecto a
la seguridad de sus sistemas de información después de evaluar el valor de sus
activos y los riegos a los que están expuestos. También puede referirse al
documento de nivel ejecutivo mediante el cual una empresa establece sus
directrices de seguridad de la información.
http://www.inteco.es/glossary/Formacion/Glosario/
(Diseño del
Servicio) Política que gobierna la visión de la Organización a la Gestión de la
Información de Seguridad. [ITIL:2007]
Conjunto de
leyes, normas y prácticas, que regulan la gestión, la protección y la
distribución de los bienes, información sensible incluida, de un organismo, en
el seno de éste. [CCN-STIC-207:2006]
Documento de
alto nivel que sirve como marco para reflejar las intenciones y requisitos de
seguridad de la información de una Organización. [CCN-STIC-401:2007]
Conjunto de
reglas establecidas por la autoridad de seguridad que rigen la utilización y
prestación de servicios y facilidades de seguridad. [X.509:2005]
1. Conjunto
de leyes, reglas y prácticas, que regulan el modo en que los bienes que
contienen información sensible son gestionados, protegidos y distribuidos
dentro de una organización (ITSEC).
2. Conjunto
de principios y normas que regulan la forma propia de cada organización, de
proteger las informaciones que maneja y los productos y sistemas de tratamiento
de dichas informaciones.
[Ribagorda:1997]
1. Conjunto
de reglas para el establecimiento de servicios de seguridad (ISO-7498-2).
2. Conjunto
de reglas establecidas por la Autoridad de seguridad, que gobiernan el uso y
suministro de servicios de seguridad e instalaciones seguras (ISO/IEC 9594-8,
ITU-T X.509)
[Ribagorda:1997]
Conjunto de
criterios para la prestación de servicios de seguridad (véanse también
«política de seguridad basada en la identidad» y «política de seguridad basada
en reglas»). [ISO-7498-2:1989]
Conjunto,
formalizado en un documento aplicable, de elementos estratégicos, directivas,
procedimientos, códigos de conducta, normas organizacionales y técnicas, que
tiene por objetivo la protección del (o de los) sistema(s) de información del
organismo. [PSSI] [EBIOS:2005]
Aggregate of
directives, regulations, rules, and practices that prescribe how an
organization manages, protects, and distributes information. [CNSSI_4009:2010]
1. (I) A definite
goal, course, or method of action to guide and determine present and future
decisions concerning security in a system. [NCS03, R3198] (Compare: certificate
policy.)
2a. (I) A set of
policy rules (or principles) that direct how a system (or an organization)
provides security services to protect sensitive and critical system resources.
(See: identity-based security policy, policy rule, rule-based security policy,
rules of behavior. Compare: security architecture, security doctrine, security
mechanism, security model, [R1281].)
2b. (O) A set of
rules to administer, manage, and control access to network resources. [R3060,
R3198]
2c. (O) /X.509/ A
set of rules laid down by an authority to govern the use and provision of
security services and facilities.
2d. (O) /Common
Criteria/ A set of rules that regulate how assets are managed, protected, and
distributed within a TOE.
[RFC4949:2007]
within the
context of this document; rules, directives and practices that govern how
assets, including sensitive information, are managed, protected and distributed
within an organization and its systems, particularly those which impact the
systems and associated elements. [ISO-21827:2007]
(Service Design)
The Policy that governs the Organisation's approach to Information Security
Management. [ITIL:2007]
a set of security
rules, procedures, or guidelines imposed (or presumed to be imposed) now and/or
in the future by an actual or hypothetical organisation in the operational
environment. [CC:2006]
The set of rules
laid down by the security authority governing the use and provision of security
services and facilities. [X.509:2005]
Set of strategic
information, directives, procedures, codes of conduct, organisational and
technical rules formalised in an applicable document whose objective is to
protect the organisation's information system(s). [EBIOS:2005]
Security rule,
procedure, code of conduct or guideline that an organisation imposes for its
operation. [ISO
15408] [EBIOS:2005]
The statement of
required protection of the information objects. [NIST-SP800-27:2004]
The statement of
required protection of the information objects. [NIST-SP800-33:2001]
the set of laws,
rules and practices that regulate how assets including sensitive information
are managed, protected and distributed within a user organisation. [ITSEC:1991]
the set of laws,
rules and practices that regulate how sensitive information and other
information are managed, protected and distributed within a specific system.. [ITSEC:1991]
the set of laws,
rules and practices regulating the processing of sensitive information and the
use of resources by the hardware and software of an IT system or product. [ITSEC:1991]
The set of
criteria for the provision of security services. [ISO-7498-2:1989]
A security policy
based on the identities and/or attributes of users, a group of users, or
entities acting on behalf of the users and the resources/objects being
accessed. [ISO-7498-2:1989]
The set of laws,
rules, and practices that regulate how an organization manages, protects, and
distributes sensitive information. [TCSEC:1985]
Set of laws,
rules, and practices that regulate how an organization manages, protects, and
distributes sensitive information.
https://www.pcisecuritystandards.org/security_standards/glossary.php
In business, a
security policy is a document that states in writing how a company plans to
protect the company's physical and information technology (IT) assets. A security
policy is often considered to be a "living document", meaning that
the document is never finished, but is continuously updated as technology and
employee requirements change. A company's security policy may include an
acceptable use policy, a description of how the company plans to educate its
employees about protecting the company's assets, an explanation of how security
measurements will be carried out and enforced, and a procedure for evaluating
the effectiveness of the security policy to ensure that necessary corrections
will be made.
http://searchsecurity.techtarget.com/
A set of rules
and practices that specify or regulate how a system or organization provides
security services to protect sensitive and critical system resources.
http://www.sans.org/security-resources/glossary-of-terms/
A Security Policy
is a set of objectives, rules of behaviour for users and administrators, and
requirements for system configuration and management that collectively are designed
to ensure Security of computer systems in an organization.
A Security Policy
might include sections on:
·
Virus
detection and prevention.
·
Firewall
use and configuration.
· Password strength and management.
· Host System administration practices.
· Access Control rules.
· Use of Access Logs.
·
Use
of screen locking software.
·
Logging
out of unattended workstations.
· Physical security.
· Account termination.
·
Procedures
for granting and revoking system access.
http://hitachi-id.com/concepts/security_policy.html
Ensemble de lois, de
règles et de pratiques régissant la manière dont une organisation gère, protège
et distribue des informations sensibles.
http://fr.pcisecuritystandards.org/
(Conception de
services) La politique qui gouverne l'approche que peut avoir une organisation
en termes de Gestion de la Sécurité de l'Information. [ITIL:2007]
ensemble de règles
fixées par l'autorité de sécurité qui régit l'utilisation et la fourniture de
services et de fonctionnalités de sécurité. [X.509:2005]
Ensemble des critères
permettant de fournir des services de sécurité [voir aussi «politique de
sécurité fondée sur l'identité» (§ 3.3.30) et «politique de sécurité fondée sur
des règles» [ISO-7498-2:1989]
Ensemble, formalisé
dans un document applicable, des éléments stratégiques, des directives,
procédures, codes de conduite, règles organisationnelles et techniques, ayant
pour objectif la protection du (des) système(s) d'information de l'organisme. [PSSI] [EBIOS:2005]
Ensemble de règles et
de mesures décrivant les objectifs et exigences de sécurité d'une organisation.
La politique fait suite à une analyse des risques et fait appel à des
procédures particulières. La direction de l'organisation doit s'engager à faire
respecter la politique de sécurité auprès de ses employés, collaborateurs et
intervenants.
http://www.cases.public.lu/functions/glossaire/
Temas relacionados