An approach and a plan that covers: (a) the
security services required of a system, (b) the components
needed to provide those services, and (c) the characteristics
required of those components to deal effectively with foreseeable
threats. [RFC4949:2007]
(I) A plan and set of
principles that describe (a) the security services that a system is required to
provide to meet the needs of its users, (b) the system components required to
implement the services, and (c) the performance levels required in the
components to deal with the threat environment (e.g., [R2179]). (See: defense
in depth, IATF, OSIRM Security Architecture, security controls, Tutorial under
"security policy".) [RFC4949:2007]
A description of security
principles and an overall approach for complying with the principles that drive
the system design; i.e., guidelines on the placement and implementation of
specific security services within various distributed computing environments. [NIST-SP800-33:2001]