If my memory serves me correctly, we touched on the concept of there being many synonymous terms in enterprise architecture and in technology in general. I need to do a better job at this myself, but I’ve seen “company” used for “organization” and “organization” used for “enterprise,” and even a rotation of all three. The three terms are related, but each means something different.
In Rob McMillan and Tom Scholtz’s article, Security Governance, Management and Operations Are Not the Same, they aim to clear up confusion and clarify that although the three terms are related, they do not mean the same thing. Security within an organization can be complex in its own right, so making sure there is a clear, shared understanding of terms and their definitions is important. McMillan and Scholtz describe security governance, security management, and security operations as follows:
Security Governance
Security governance takes a high-level view. It ensures that the strategy of the business is clearly defined and that the security measures needed can adequately accommodate the business strategy.
Security Management
Security management is the mid-level view. It entails actually building and running the security program that was decided on and making sure that security measures continue to align with the overall business strategy.
Security Operations
Security operations is the ground level view. It involves the actual execution of the security-related processes on a day-to-day basis.
Having a clear understanding of these three terms will help to avoid confusion, avoid dysfunction, and make security a little easier to understand.
Hopefully.
Source:
McMillan, R., & Scholtz, T. (2013, January 23). Security Governance, Management and Operations Are Not the Same. Retrieved October 20, 2017, from https://www.gartner.com/doc/2313217/security-governance-management-operations-