Chapter 1 Flashcards
Set of cohesive tasks within a process.
Activity
Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information.
Adequate Security
An undesirable consequence associated with a loss.
Adverse Consequence
The process an organization employs to determine whether security controls are defined as system-specific, hybrid, or common.
Allocation
The process an organization employs to assign security controls to specific information system components responsible for providing a particular security capability (e.g., router, server, remote sensor, etc.).
Allocation
An analytical comparison or evaluation of proposed approaches to meet an objective.
Analysis of Alternatives
Can be applied to anything — from a large military acquisition decision to a decision between two products.
Analysis of Alternatives
The formal or informal process involves identifying key decision factors — such as lifecycle operations, support, training, sustainment costs, risks, and effectiveness — and assessing each option with respect to these factors.
Analysis of Alternatives
An analytical comparison of the operational effectiveness, cost, and risks of proposed materiel solutions to gaps and shortfalls in operational capability.
Analysis of Alternatives
Analyses that document the rationale for identifying/recommending a preferred solution or solutions to the identified shortfall.
Analysis of Alternatives
Can be triggered by threat changes, deficiencies, obsolescence of existing systems, or advances in technology.
Analysis of Alternatives
A software program hosted by an information system.
Application
A set of related physical and logical representations (i.e., views) of a system or a solution.
Architecture
Conveys information about system/solution elements, interconnections, relationships, and behavior at different levels of abstractions and with different scopes.
Architecture
Fundamental concepts or properties of a system in its environment embodied in its elements, relationships, and the principles of its design and evaluation.
Architecture (System)
A work product used to express an architecture.
Architecture Description
Conventions, principles, and practices for the description of architecture established within a specific domain of application and/or community of stakeholders.
Architecture Framework
A method for evaluating architecture-level designs that considers multiple attributes including modifiability, security, performance, and reliability, to gain insight as to whether the fully described architecture will meet its requirements.
Architecture Trade-off Analysis
Identifies trade-off points among multiple attributes (e.g., modifiability, security, performance, reliability, etc.), facilitates communication among stakeholders (e.g., customer, developer, maintainer, etc.) from the perspective of each attribute, clarifies and refines requirements, and provides a framework for an ongoing, concurrent process of system design and analysis.
Architecture Trade-off Analysis
A work product expressing the architecture of a system from the perspective of specific system concerns.
Architecture View
The property of being genuine and being able to be verified and trusted; confidence in the validity of a transmission, a message, or a message originator.
Authenticity
Hardware, software, and relevant documentation for an information system at a given point in time.
Baseline
Formally approved version of a configuration item, regardless of media, formally designated and fixed at a specific time during the configuration item’s lifecycle.
Baseline
A documented set of specifications for an information system, or a configuration item within a system, that has been formally reviewed and agreed on at a given point in time, and which can be changed only through change control procedures.
Baseline Configuration