The Difference Between Function and Position: Aligning the Security Function with Strategy, Goals and Mission


A security management policy involves the following security-policy-related steps:

  • Security Policy Creation
  • Security Policy Implementation
  • Security Policy Enforcement

Every organization has a strategy, goals, a mission and objectives. Security management planning aligns the security function with these. While creating a security plan, there are things we should be aware of, and we have limited resources to use.

Restrictions

We will mainly have the following restrictions while planning security.

  • Budget
  • Personnel Requirements
  • Organization Culture
  • Technical Infrastructure

If we want to get the maximum gain from our security planning, we should be aware of the restrictions defined above.

Implementation Flow

During the plan creation phase there are some tricks to make our security plan successful. One of them is using the right implementation flow. Security planning is work in which all security-related roles should be involved in a proper manner. In this example we divide the roles into 4 layers, but this can be changed according to needs.

  • Chief Security Officer and Senior Management

    • Personnel at this level should define policies for the organization
  • Middle Management

    • This level should create standards, baselines, guidelines and procedures according to the policy of the organization
  • Operational Managers and Security Professionals

    • This level should implement the configuration and technical details of the security management
  • End Users

    • This level should comply with the provided security policies

Security Plans

Security plans bind the work to dates. This is very important for the implementation. There are mainly 3 types of plans, which are connected to each other. Below we provide the time-based relation of these plans.

[Figure: Security Plans]

Strategic Plan

A strategic plan is defined for the long term and generally does not change. It is more abstract and states the organization's security purpose. For example, it can be defined for 5 years. A strategic plan should include a risk assessment.


Tactical Plan

A tactical plan is defined for the midterm. It is bound by the strategic plan and provides more details. A tactical plan may be defined for a 1-year period. Here is a list of tactical plans:

  • Project Plans
  • Acquisition Plans
  • Hiring Plan
  • Budget Plans
  • Maintenance Plans
  • Support Plans
  • System Development Plans

Operational Plan

An operational plan is a very detailed plan that provides technical details about the work. It must be aligned with both the strategic and tactical plans. It generally provides step-by-step details. The following are examples of operational plans. Operational plans must be documented for effectiveness.

  • Training Plans
  • System Deployment Plans
  • Product Design Plans

Translated from: https://www.poftut.com/alignment-security-function-strategy-goals-mission/
