Risk Management Flashcards
CIO
Chief Information Officer
The most senior executive in an enterprise who works with information technology and computer systems, in order to support enterprise goals.
They are responsible for the management, implementation, and usability of information and computer technologies.
RAID
Redundant Array of Inexpensive Disks
Multiple disks added together to increase performance or provide protection against faults.
Inexpensive way to improve fault tolerance
Common types include:
- RAID-1
- RAID-5
- RAID-6
- RAID-10
SECaaS
Security as a Service
Cloud-delivered model for outsourcing cybersecurity services
SLA
Service Level Agreement
A business agreement that defines what services and support are provided to a client
PHI
Personal Health Information
Any information in a medical record that can be used to identify an individual and that was created, used, or disclosed to a covered entity and/or their business associate(s) in the course of providing a health care service, such as a diagnosis or treatment.
NDA
Non-Disclosure Agreement
A contract that states that an individual will not share certain sensitive information with outside parties, under penalty of law
ISA
Interconnection Security Agreement
- Document that defines security-relevant aspects of an intended connection between an agency and an external system.
- Specifies the security interface between any two systems operating under two distinct authorities.
TCO
Total Cost of Ownership
Purchase price of an asset plus the costs of operation
MTBF
Mean Time Between Failures
The rating of a device or component that predicts the expected time between failures.
PIA
Privacy Impact Assessment
A tool for identifying and analyzing risks to privacy during the development life cycle of a program or system.
PII
Personally Identifiable Information
Information about individuals that can be used to trace a person’s identity, such as:
- full name
- birth date
- biometric data
- SSN
BPA
Business Partners Agreement
Defines how a partnership between organizations will be conducted and what is expected of each organization.
BIA
Business Impact Analysis
Process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency.
One phase of Business Continuity Planning.
SDLC
Software Development Life Cycle
The process of planning, designing, deploying, and maintaining software, from the initial planning stages before the app is deployed all the way to its obsolescence
IaaS
Infrastructure as a Service
A computing method that uses the cloud to provide any or all infrastructure needs
PHI
Personal Health Information
PII that includes health information.
RTO
Recovery Time Objective
Length of time it takes after an event to resume normal business operations and activities
ARO
Annual/Annualized Rate of Occurrence
Number of times a loss is expected to occur in a year.
Used to quantitatively measure risk with ALE (Annual Loss Expectancy) and SLE (Single Loss Expectancy):
ARO x SLE = ALE
ISP
Internet Service Provider
Organization that provides a myriad of services for accessing, using, or participating in the Internet.
ISSO
Information Systems Security Officer
- Executive who establishes and enforces security policies to protect an organization’s computer infrastructure, networks, and data.
- Similar to CSO and generally reports to the CIO.
IR
Incident Response
An organized approach to addressing and managing the aftermath of a security breach or cyberattack.
The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.