Lot 2 Flashcards
Contains the essential elements of
effective processes for one or more disciplines. It also describes an evolutionary
improvement path from ad hoc, immature processes, to disciplined, mature processes,
with improved quality and effectiveness.
Capability Maturity Model Integration (CMMI) -
A legal principle regarding the validity and integrity of evidence. It
requires accountability for anything that will be used as evidence in a legal proceeding to
ensure that it can be accounted for from the time it was collected until the time it is
presented in a court of law. This includes documentation as to who had access to the
evidence and when, as well as the ability to identify evidence as being the exact item
that was recovered or tested. Lack of control over evidence can lead to it being
discredited. Chain of custody depends on the ability to verify that evidence could not
have been tampered with. This is accomplished by sealing off the evidence, so it cannot
be changed, and providing a documentary record of custody to prove that the evidence
was, at all times, under strict control and not subject to tampering.
Chain of custody -
A holistic and proactive approach to managing the transition
from a current to a desired organizational state.
Change management -
A system that provides a reference
method for publicly known information-security vulnerabilities and exposures. MITRE
Corporation maintains the system, with funding from the National Cyber Security Division
of the United States Department of Homeland Security.
Common vulnerabilities and exposures (CVE) -
An internal control that reduces the risk of an existing or
potential control weakness resulting in errors and omissions.
Compensating control -
The protection of sensitive or private information from unauthorized
disclosure.
Confidentiality -
The system by which enterprises are directed and controlled.
The board of directors is responsible for the governance of their enterprise. It consists of
the leadership and organizational structures and processes that ensure the enterprise
sustains and extends strategies and objectives.
Corporate governance -
A systematic process for calculating and comparing benefits
and costs of a project, control, or decision.
Cost-benefit analysis -
A measure of the impact that the failure of a system to function as required
will have on the organization.
Criticality -
The assignment of a level of sensitivity to data (or information) that
results in the specification of controls for each level of classification. Levels of sensitivity
of data are assigned according to predefined categories as data are created, amended,
enhanced, stored, or transmitted. The classification level is an indication of the value or
importance of the data to the organization.
Data classification -