Term
| acceptable use policy/rules |
|
Definition
| Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access |
|
|
Term
| annual loss expectancy (ALE) |
|
Definition
| This is a monetary measure of how much loss you could expect in a year. |
|
|
Term
| single loss expectancy (SLE) |
|
Definition
| This loss can be a critical failure, or it can be the result of an attack. It is a monetary value, and it represents how much you could expect to lose at any one time. SLE can be divided into two components: AV (asset value), the value of the item, and EF (exposure factor), the percentage of it threatened. |
|
|
Term
| annualized rate of occurrence (ARO) |
|
Definition
| A calculation of how often a threat will occur. For example, for a threat that occurs once every five years, the ARO is 1/5, or 0.2. |
|
|
Term
|
Definition
| The value of an item (server, property, and so on) associated with cash flow. |
|
|
Term
| business impact analysis (BIA) |
|
Definition
| A study of the possible impact if a disruption to a business’s vital resources were to occur. |
|
|
Term
| business partners agreement (BPA) |
|
Definition
| An agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses. |
|
|
Term
|
Definition
| The potential percentage of loss to an asset if a threat is realized. |
|
|
Term
| interconnection security agreement (ISA) |
|
Definition
| As defined by NIST (in Publication 800-47), it is “an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations.” |
|
|
Term
| maximum tolerable downtime (MTD) |
|
Definition
| The maximum period of time that a business process can be down before the survival of the organization is at risk. |
|
|
Term
| mean time between failures (MTBF) |
|
Definition
| The measurement of the anticipated lifetime of a system or component. |
|
|
Term
| mean time to failure (MTTF) |
|
Definition
| The measurement of the average time it takes a system or component to fail. |
|
|
Term
| mean time to restore (MTTR) |
|
Definition
| The measurement of how long it takes to repair a system or component once a failure occurs. |
|
|
Term
| privacy impact assessment (PIA) |
|
Definition
| Often associated with a business impact analysis, it identifies the adverse impacts that can be associated with the destruction, corruption, or loss of accountability of data for the organization. |
|
|
Term
| privacy threshold assessment (PTA) |
|
Definition
| This is the compliance tool used in conjunction with the PIA, more commonly known as an “analysis.” |
|
|
Term
| memorandum of understanding (MOU)/memorandum of agreement (MOA) |
|
Definition
| Most commonly known as an MOU rather than MOA, this is a document between two or more parties defining their respective responsibilities in accomplishing a particular goal or mission, such as securing a system. |
|
|
Term
| recovery point objective (RPO) |
|
Definition
| The point of last known good data prior to an outage that is used to recover systems. |
|
|
Term
| recovery time objective (RTO) |
|
Definition
| The maximum amount of time that a process or service is allowed to be down with the consequences still considered acceptable. |
|
|
Term
| Redundant Array of Independent Disks (RAID) |
|
Definition
| A configuration of multiple hard disks used to provide fault tolerance should a disk fail. |
|
|