Term
|
Definition
Concept at the heart of information security |
|
|
Term
|
Definition
Type of action that has potential to cause harm |
|
|
Term
|
Definition
Person or element with power to carry out a threat |
|
|
Term
|
Definition
Flaw or weakness that allows threat agent to bypass security |
|
|
Term
|
Definition
Likelihood threat agent will exploit the vulnerability |
|
|
Term
|
Definition
Subject’s access level over an object, such as a file |
|
|
Term
|
Definition
Process of assigning and revoking privileges to objects |
|
|
Term
|
Definition
Periodically reviewing a subject’s privileges over an object. Objective: determine if subject has the correct privileges |
|
|
Term
|
Definition
Threat, Threat agent, Vulnerability, Risk, Privilege, Privilege management, Privilege auditing, Change management |
|
|
Term
Change management team (CMT) |
|
Definition
Body responsible for overseeing the changes. Composed of representatives from all areas of IT, network security, and upper management. Proposed changes must first be approved by CMT |
|
|
Term
|
Definition
Planning, coordination, communications, and planning functions needed to resolve incident |
|
|
Term
What Is a Security Policy? |
|
Definition
Document that outlines protections to ensure organization’s assets face minimal risks |
|
|
Term
|
Definition
Collection of requirements specific to system or procedure that must be met by everyone |
|
|
Term
|
Definition
Collection of suggestions that should be implemented |
|
|
Term
|
Definition
Policy that defines actions users may perform while accessing systems. Users include employees, vendors, contractors, and visitors. Typically covers all computer use. Generally considered most important information security policy |
|
|
Term
|
Definition
Also called personally identifiable information policy. Outlines how organization uses personal information it collects |
|
|
Term
Disposal and destruction policy |
|
Definition
Addresses disposal of confidential resources. Describes how to dispose of equipment, records, and data |
|
|
Term
|
Definition
Grouping individuals based on some sort of affiliation. Can be physical or online |
|
|