Security Program
The means by which the Target State is reached by executing a set of prioritised Tasks to transform the Current State, with the objective of increasing Maturity and decreasing Risk.
Target State
The Asset Hierarchy of the Security Profile has a set of Control Objectives that need to be met across all assets to meet the Target Maturity Level and decrease the level of Risk to within the specified Risk Appetite.
Tasks
The Tasks required to transition from the Current State to the Target State to close the gaps between the two.
Work Packages
Related Tasks are grouped together into Work Packages, the contents of which should be executed together.
A Work Package can considered one to one with a Project or Statement of Work.
Horizons
Work Packages are prioritised based on their estimated Return on Investment (ROI) and delivered over a number of time Horizons, each of which correspond to a measurable increase in Maturity and corresponding decrease in Risk.