Open adammontville opened 6 years ago
What does "security program" mean?
That's a fair question. In trying to find a standard definition for "security program", I realized that I should probably have said "information security program" which seems to have some fairly well-understood boundaries (see these Google search results).
If you, or someone else, has a better way to describe this, please let me know.
Ah OK I think I was confused by the definition of program. I thought you meant
a series of coded software instructions to control the operation of a computer or other machine.
But apparently you meant
a set of related measures or activities with a particular long-term aim.
But yes, Information Security is more specific than security.
In any case, I think usage of such a term would require a new entry in the terminology section.
We could add another term. How about this definition for information security program:
A documented approach for organizing and directing all activities undertaken to ensure the confidentiality, integrity, and availability of the information held by the organization.
That's taken from ISO 704:2009.
That would do it 😄
:+1: for adding the term "Information Security Program" defined in ISO 704:2009 in order to be used in the definition of Security Automation proposed by Adam.
The present definition is:
I propose (changes emphasized):