Set of guidelines set down in a written document that govern how an organization manages and protects the information and services it considers critical. [ENS:2010]
Set of laws, regulations and practices that regulate how an organization manages, protects and distributes confidential information. http://es.pcisecuritystandards.org
The security decisions or measures that a company has decided to take regarding the security of its information systems after assessing the value of its assets and the risks to which they are exposed. It may also refer to the executive-level document by which a company establishes its information security guidelines. http://www.inteco.es/glossary/Formacion/Glosario/
(Service Design) Policy that governs the Organization's approach to Information Security Management. [ITIL:2007]
Set of laws, rules and practices that regulate the management, protection and distribution of an organization's assets, including sensitive information, within that organization. [CCN-STIC-207:2006]
High-level document that serves as a framework for reflecting an Organization's information security intentions and requirements. [CCN-STIC-401:2007]
Set of rules laid down by the security authority governing the use and provision of security services and facilities. [X.509:2005]
1. Set of laws, rules and practices that regulate how assets containing sensitive information are managed, protected and distributed within an organization (ITSEC).
2. Set of principles and rules that regulate each organization's own way of protecting the information it handles and the products and systems that process that information.
[Ribagorda:1997]
1. Set of rules for the provision of security services (ISO-7498-2).
2. Set of rules laid down by the security Authority governing the use and provision of security services and facilities (ISO/IEC 9594-8, ITU-T X.509).
[Ribagorda:1997]
Set of criteria for the provision of security services (see also "identity-based security policy" and "rule-based security policy"). [ISO-7498-2:1989]
Set, formalized in an applicable document, of strategic elements, directives, procedures, codes of conduct, and organizational and technical rules, whose objective is the protection of the organization's information system(s). [PSSI] [EBIOS:2005]
Aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information. [CNSSI_4009:2010]
1. (I) A definite goal, course, or method of action to guide and determine present and future decisions concerning security in a system. [NCS03, R3198] (Compare: certificate policy.)
2a. (I) A set of policy rules (or principles) that direct how a system (or an organization) provides security services to protect sensitive and critical system resources. (See: identity-based security policy, policy rule, rule-based security policy, rules of behavior. Compare: security architecture, security doctrine, security mechanism, security model, [R1281].)
2b. (O) A set of rules to administer, manage, and control access to network resources. [R3060, R3198]
2c. (O) /X.509/ A set of rules laid down by an authority to govern the use and provision of security services and facilities.
2d. (O) /Common Criteria/ A set of rules that regulate how assets are managed, protected, and distributed within a TOE.
[RFC4949:2007]
Within the context of this document: rules, directives and practices that govern how assets, including sensitive information, are managed, protected and distributed within an organization and its systems, particularly those which impact the systems and associated elements. [ISO-21827:2007]
(Service Design) The Policy that governs the Organisation's approach to Information Security Management. [ITIL:2007]
A set of security rules, procedures, or guidelines imposed (or presumed to be imposed) now and/or in the future by an actual or hypothetical organisation in the operational environment. [CC:2006]
The set of rules laid down by the security authority governing the use and provision of security services and facilities. [X.509:2005]
Set of strategic information, directives, procedures, codes of conduct, organisational and technical rules formalised in an applicable document whose objective is to protect the organisation's information system(s). [EBIOS:2005]
Security rule, procedure, code of conduct or guideline that an organisation imposes for its operation. [ISO 15408] [EBIOS:2005]
The statement of required protection of the information objects. [NIST-SP800-27:2004]
The statement of required protection of the information objects. [NIST-SP800-33:2001]
The set of laws, rules and practices that regulate how assets, including sensitive information, are managed, protected and distributed within a user organisation. [ITSEC:1991]
The set of laws, rules and practices that regulate how sensitive information and other information are managed, protected and distributed within a specific system. [ITSEC:1991]
The set of laws, rules and practices regulating the processing of sensitive information and the use of resources by the hardware and software of an IT system or product. [ITSEC:1991]
The set of criteria for the provision of security services. [ISO-7498-2:1989]
A security policy based on the identities and/or attributes of users, a group of users, or entities acting on behalf of the users and the resources/objects being accessed. [ISO-7498-2:1989]
The set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. [TCSEC:1985]
Set of laws, rules, and practices that regulate how an organization manages, protects, and distributes sensitive information. https://www.pcisecuritystandards.org/security_standards/glossary.php
In business, a security policy is a document that states in writing how a company plans to protect the company's physical and information technology (IT) assets. A security policy is often considered to be a "living document", meaning that the document is never finished, but is continuously updated as technology and employee requirements change. A company's security policy may include an acceptable use policy, a description of how the company plans to educate its employees about protecting the company's assets, an explanation of how security measures will be carried out and enforced, and a procedure for evaluating the effectiveness of the security policy to ensure that necessary corrections will be made. http://searchsecurity.techtarget.com/
A set of rules and practices that specify or regulate how a system or organization provides security services to protect sensitive and critical system resources. http://www.sans.org/security-resources/glossary-of-terms/
A Security Policy is a set of objectives, rules of behaviour for users and administrators, and requirements for system configuration and management that collectively are designed to ensure Security of computer systems in an organization.
A Security Policy might include sections on:
· Virus detection and prevention.
· Firewall use and configuration.
· Password strength and management.
· Host System administration practices.
· Access Control rules.
· Use of Access Logs.
· Use of screen locking software.
· Logging out of unattended workstations.
· Physical security.
· Account termination.
· Procedures for granting and revoking system access.
http://hitachi-id.com/concepts/security_policy.html
Set of laws, rules and practices governing how an organization manages, protects and distributes sensitive information. http://fr.pcisecuritystandards.org/
(Service Design) The policy that governs the approach an organization may take to Information Security Management. [ITIL:2007]
Set of rules laid down by the security authority governing the use and provision of security services and facilities. [X.509:2005]
Set of criteria for the provision of security services (see also "identity-based security policy" (§ 3.3.30) and "rule-based security policy"). [ISO-7498-2:1989]
Set, formalized in an applicable document, of strategic elements, directives, procedures, codes of conduct, and organizational and technical rules, whose objective is the protection of the organization's information system(s). [PSSI] [EBIOS:2005]
Set of rules and measures describing an organization's security objectives and requirements. The policy follows a risk analysis and relies on specific procedures. The organization's management must commit to enforcing the security policy among its employees, contractors and other parties involved. http://www.cases.public.lu/functions/glossaire/