Lot 7 Flashcards
Directly related to business needs, SDO is the level
of services
Service delivery objective (SDO) -
An agreement, preferably documented, between a
service provider and the customer(s)/user(s) that defines minimum performance targets
for a service and how they will be measured
Service level agreement (SLA) -
A security technique in which two or more entities
separately hold data items that individually convey no knowledge of the information that
results from combining the items; a condition under which two or more entities
separately have key components that individually convey no knowledge of the plaintext
key that will be produced when the key components are combined in the cryptographic
module
Split knowledge/split key -
A mandatory requirement, code of practice, or specification approved by a
recognized external standards organization, such as International Organization for
Standardization (ISO)
Standard -
Person or organization having responsibility for the development,
procurement, integration, modification, operation, and maintenance, and/or final
disposition of an information system
System owner -
Anything (e.g., object, substance, human) that is capable of acting against an
asset in a manner that can result in harm. A potential cause of an unwanted incident.
(ISO/IEC 13335)
Threat -
Methods and things used to exploit a vulnerability. Examples include
determination, capability, motive, and resources
Threat agent -
An evaluation of the type, scope, and nature of events or actions that
can result in adverse consequences; identification of the threats that exist against
information assets. The threat analysis usually also defines the level of threat and the
likelihood of it materializing.
Threat analysis -
The identification of types of threats to which an organization might be exposed
Threat assessment -
Any event where a threat element/actor acts against an asset in a manner that has the potential to directly result in harm
Threat event -
Used to describe a given threat and the harm it could do to a system if it
has a vulnerability
Threat model -
The method a threat uses to exploit the target
Threat vector -
Includes the original cost of the computer plus the cost
of: software, hardware, and software upgrades, maintenance, technical support, training,
and certain activities performed by users
Total cost of ownership (TCO) -
A weakness in the design, implementation, operation, or internal controls
in a process that could be exploited to violate system security
Vulnerability -
A process of identifying and classifying vulnerabilities
Vulnerability analysis -