IT security policy (program policy)

IT security policy (program policy) definition in Computer Security terms:

Acronym(s): None

Definition(s): A management official, normally the head of the organization or the senior administration official, issues program policy to establish (or restructure) the organization’s computer security program and its basic structure. This high-level policy defines the purpose of the program and its scope within the organization; assigns responsibilities (to the computer security organization) for direct program implementation, as well as other responsibilities to related offices (such as the Information Resources Management [IRM] organization); and addresses compliance issues. Program policy sets organizational strategic directions for security and assigns resources for its implementation.
Source(s): NIST SP 800-12

Synonym(s): None


reference: CSRC Glossary