INFORMATION SECURITY

Cards (97)

  • This term specified the need to secure the physical location of computer technology from outside threats.
    Computer Security
  • The industry standard for computer security since the development of the mainframe. The standard is based on three characteristics that describe the utility of information: confidentiality, integrity, and availability.
    C.I.A. Triad
  • The protection of all communications media, technology, and content.
    Communications Security
  • Protection of the confidentiality, integrity, and availability of information assets, whether in storage, processing, or transmission, via the application of policy, education, training and awareness, and technology.
    Information Security
  • A subset of communications security; the protection of voice and data networking components, connections, and content.
    Network Security
  • A state of being secure and free from danger or harm. Also, the actions taken to make someone or something secure.
    Security
  • An attribute of information that describes how data is free of errors and has the value that the user expects.
    Accuracy
  • An attribute of information that describes how data is genuine or original rather than reproduced or fabricated.
    Authenticity
  • An attribute of information that describes how data is accessible and correctly formatted for use without interference or obstruction.
    Availability
  • An attribute of information that describes how data is protected from disclosure or exposure to unauthorized individuals or systems.
    Confidentiality
  • An attribute of information that describes how data is whole, complete, and uncorrupted.
    Integrity
  • A set of information that could uniquely identify an individual.
    Personally Identifiable Information
  • An attribute of information that describes how the data’s ownership or control is legitimate or authorized.
    Possession
  • An attribute of information that describes how data has value or usefulness for an end purpose.
    Utility
  • The entire set of software, hardware, data, people, procedures, and networks that enable the use of information resources in the organization.
    Information System
  • The protection of physical items, objects, or areas from unauthorized access and misuse.
    Physical Security
  • A method of establishing security policies and/or practices that begins as a grassroots effort in which systems administrators attempt to improve the security of their systems.
    Bottom-up Approach
  • A methodology of establishing security policies and/or practices that is initiated by upper management.
    Top-down Approach
  • A methodology for the design and implementation of an information system. The SDLC contains different phases depending on the methodology deployed, but generally the phases address the investigation, analysis, design, implementation, and maintenance of an information system.
    Systems Development Life Cycle
  • A formal approach to solving a problem based on a structured sequence of procedures.
    Methodology
  • A type of SDLC in which each phase of the process “flows from” the information gained in the previous phase, with multiple opportunities to return to previous phases and adjust.
    Waterfall Model
  • A methodological approach to the development of software that seeks to build security into the development life cycle rather than address it at later stages. SA attempts to intentionally create software free of vulnerabilities and provide effective, efficient software that users can deploy with confidence.
    Software Assurance
  • An executive-level position that oversees the organization’s computing technology and strives to create efficiency in the processing and access of the organization’s information.
    Chief Information Officer
  • Typically considered the top information security officer in an organization. The CISO is usually not an executive-level position, and frequently the person in this role reports to the CIO.
    Chief Information Security Officer
  • A small functional team of people who are experienced in one or multiple facets of the required technical and nontechnical areas for the project to which they are assigned.
    Project Team
  • Individuals who work directly with data owners and are responsible for storage, maintenance, and protection of information.
    Data Custodians
  • Individuals who control, and are therefore responsible for, the security and use of a particular set of information; data owners may rely on custodians for the practical aspects of protecting their information, specifying which users are authorized to access it, but they are ultimately responsible for it.
    Data Owners
  • Internal and external stakeholders (customers, suppliers, and employees) who interact with information in support of their organization’s planning and operations.
    Data Users
  • A group of individuals who are united by similar interests or values within an organization and who share a common goal of helping the organization to meet its objectives.
    Community of Interest
  • Items of fact collected by an organization. Data includes raw numbers, facts, and words. Student quiz scores are a simple example of data.
    Data
  • Data that has been organized, structured, and presented to provide additional insight into its context, worth, and usefulness. For example, a student’s class average can be presented in the context of its value, as in “90 = A.”
    Information
  • The focus of information security; information that has value to the organization, and the systems that store, process, and transmit the information. Media: as a subset of information assets, the systems and networks that store, process, and transmit information.
    Information Asset
  • An intentional or unintentional act that can damage or otherwise compromise information and the systems that support it. Attacks can be active or passive and direct or indirect. Exploit: a technique used to compromise a system.
    Attack
  • A potential weakness in an asset or its defensive control system(s).
    Vulnerability
  • The creation, ownership, and control of original ideas as well as the representation of those ideas.
    Intellectual Property
  • An interruption in service, usually from a service provider, which causes an adverse event within an organization.
    Availability Disruption
  • The percentage of time a particular service is not available; the opposite of uptime.
    Downtime
  • A document or part of a document that specifies the expected level of service from a service provider. An SLA usually contains provisions for minimum acceptable availability and penalties or remediation procedures for downtime.
    Service Level Agreement
  • The percentage of time a particular service is available; the opposite of downtime.
    Uptime
  • A long-term interruption (outage) in electrical power availability.
    Blackout