Term
Definition
Programmed checks or other controls pertinent to end-user applications

Term
Definition
An attack is a series of steps taken by an attacker to achieve an unauthorized result

Term
Definition
Process of validating the identity of the user or program that is requesting access to a computing resource

Term
Definition
Confidential information is kept away from those who are not supposed to see it. Authorized users with proper access privileges may work with confidential data, but others are not allowed access. The confidentiality of information is maintained by strict access privileges that guard the release of confidential data. Data may also be garbled (encrypted) to preserve confidentiality.

Term
Definition
Threats are successful only if vulnerabilities in the system exist. The design and implementation of internal control measures make possible the mitigation of vulnerabilities found in a system. This process of building controls is guided by internal control and information security objectives.

Term
Definition
An action that dilutes the potential impact of a known vulnerability

Term
Definition
Ensure continued, proper operation of information systems. Typically, general controls affect all application systems that depend on the firm's computing environment. For example, controls concerning operating systems are general controls, whereas any controls built into a payroll application are application controls.

Term
Definition
The term integrity implies truthfulness, something you can depend on. Information integrity exists when the information that users receive from the system is accurate and reliable. To produce information with high integrity, the entire system needs to function reliably.

Term
Definition
The term security connotes protection, as in being able to depend on an entity, which in our case is an information system. Often, the term also refers to the confidence or comfort level associated with being safe and protected.

Term
Definition
A set of control measures targeted to achieve control objectives

Term
Definition
The message that a sender transmits is received without any modification during transmission by the receiver. Message integrity does not necessarily imply that the message itself has information integrity. Thus, a lie that is transmitted without modification in transit has message integrity but not information security.

Term
Definition
Holding a person accountable can be seen as taking away the person's ability to repudiate the action (e.g., placing an order online). This is called the objective of nonrepudiation. "I didn't do this" would be difficult to defend if the circumstances surrounding the act (e.g., time of day and IP address of the computer used) and proof of identity (e.g., password, smart card, or a digital certificate) are used to track the transaction.

Term
Definition
Specific types of controls designed to protect information assets

Term
Definition
Can be interpreted as the state of readiness of systems so that authorized users can access and use the system for their purposes and during expected times of operation

Term
Definition
The probability of an attack on the information asset

Term
Definition
A threat may be known or unknown and is triggered by a threat agent, typically a person within the business or from the outside

Term
Definition
A vulnerability is a weakness in an information asset that leads to risk