Strategic Planning
The process of defining and specifying long term directions to be taken by an organization.
What is strategic planning?
The three components of information security.
What is governance, risk management, and compliance?
An employee responsible for the creation, revision, distribution, and storage of a policy in an Organization
What is a Policy Administrator
A plan for the organization's intended strategic efforts over the next several years.
What is a strategic plan?
The 3 core principles of this term are confidentiality, integrity, and availability.
What is governance?
what is Written instructions provided by that inform employees and others in the workplace about proper behavior regarding the use of information and information assets.
What is information security policy?
A plan for the organization’s intended tactical efforts over the next few years.
What is a tactical plan?
Executive management’s responsibility to provide strategic direction, ensure the accomplishment of objectives, oversee that risks are appropriately managed, and validate responsible resource use.
What is corporate governance?
what is The high-level information security policy that sets the strategic direction, scope, and tone for all of an organization’s security efforts; also known as a security program policy, general security policy, IT security policy, high level InfoSec policy, or simply an InfoSec policy.
What is enterprise information security policy (EISP)?
A plan for the organizations intended operational efforts on a day to day basis for the next several months.
What are operational plans?
The application of principles and practices of corporate governance to the information security function.
What is information security governance?
An organizational policy that provides detailed, targeted guidance to instruct all members of the organization in the use of a resource, such as one of its processes or technologies.
What is an issue specific security policy?
A term often used synonymously with goals, the intermediate states obtained to achieve progress toward a goal or goals.
What is an objective?
The leadership, policies, and processes that directs an organization’s security activities to meet business goals, manage risks, and ensure regulatory compliance.
What is strategic framework of information security governance?
Organizational policies that often function as standards or procedures to be used when configuring or maintaining systems. Can be separated into two groups, managerial guidance and technical specifications.
What are systems-specific security policies?