sacmwg / draft-ietf-sacm-terminology

SACM terminology aligned with best practice definitions, standard references, and terminology definitions of other work groups

Proposed update to Security Automation #82

Open adammontville opened 6 years ago

adammontville commented 6 years ago

The present definition is:

The process of which security alerts can be automated through the use of different components to monitor, analyze and assess endpoints and network traffic for the purposes of detecting misconfigurations, misbehaviors or threats.

I propose (changes emphasized):

The process by which security programs can be automated through the use of different components to monitor, analyze and assess endpoints and network traffic for the purposes of detecting misconfigurations, misbehaviors or threats.

davidkazuhiro commented 6 years ago

What does "security program" mean?

adammontville commented 6 years ago

That's a fair question. In trying to find a standard definition for "security program", I realized that I should probably have said "information security program" which seems to have some fairly well-understood boundaries (see these Google search results).

If you, or someone else, has a better way to describe this, please let me know.

davidkazuhiro commented 6 years ago

Ah OK I think I was confused by the definition of program. I thought you meant

a series of coded software instructions to control the operation of a computer or other machine.

But apparently you meant

a set of related measures or activities with a particular long-term aim.

But yes, Information Security is more specific than security.

In any case, I think usage of such a term would require a new entry in the terminology section.

adammontville commented 6 years ago

We could add another term. How about this definition for information security program:

A documented approach for organizing and directing all activities undertaken to ensure the confidentiality, integrity, and availability of the information held by the organization.

That's taken from ISO 704:2009.

davidkazuhiro commented 6 years ago

That would do it 😄

henkbirkholz commented 6 years ago

👍 for adding the term "Information Security Program" defined in ISO 704:2009 in order to be used in the definition of Security Automation proposed by Adam.