Set of
security programs that make it possible to put risk management decisions
into practice. [Magerit:2012]
Formal document that
provides an overview of the security requirements for the information system
and describes the security controls in place or planned for meeting those
requirements. [FIPS-200:2006] [NIST-SP800-53:2013]
The Information Security
plan complements the IT Plan in so far as it documents, budgets and resources
the upgrades to both hardware, software, training and procedures, in relation
to Information Security.
http://www.passwordnow.com/en/glossary/information-security-plan.html
Provides a baseline of a
system's security. A comprehensive system security plan describes the security
controls that are in use, or planned to be used, to protect all aspects of the
system. Security plans are supported by security policy and can be essential
tools that identify weaknesses in the system and document what controls will be
added to combat the weaknesses.
http://www.utexas.edu/its/policies/glossary.html
An information security plan
is a document that guides the activities of an organisation towards a more
secure environment. It summarises the decisions on what security barriers,
security policies and training an organisation needs to implement. The plan is based
on the unique needs and strategies of the organisation.
http://www.itrainonline.org/itrainonline/mmtk/