Vocab 1 Flashcards
Organizational policy that describes both acceptable and unacceptable actions when using organizational computing resources, as well as the consequences of violating the policy.
acceptable use policy (AUP)
The processes and technologies involved in protecting information, systems, and data against unauthorized disclosure, modification, or loss through the control of access to those resources physically and/or logically.
access control
The ability to trace an action or event to a definitive user and to hold that user responsible for their actions.
accountability
Tools that interact actively with a system and can often give you a more realistic perspective of vulnerabilities and the overall control effectiveness; can also cause performance issues.
active tools
The process of determining whether a program or a project is meeting specified objectives and of determining whether the controls selected to protect the system are performing their desired function to the level required.
assessment
Anything of value to an organization; assets can include tangible items such as information, data, equipment, supplies, facilities, and systems, or intangible items such as customer loyalty and reputation.
asset
The process of reviewing different data sources, including log files and access control records, to determine compliance with security policy or detect deviations or anomalies.
auditing
The process of validating credentials that a user has supplied to verify that they are the actual authorized user and that the credentials belong to that user.
authentication
The process of giving authenticated users the proper access to systems, data, and facilities.
authorization
The goal of having information and systems available to authorized users whenever and however they need them.
availability
Must be made if the response can’t be quickly or easily implemented without a significant cost or change to the organization or the system. A business case for a risk response justifies the expense and work required to make the response function properly.
business case
The process, generally detailed in a supporting plan, that keeps the company operating and functioning in the event of a power outage, IT malfunction, or major disaster.
business continuity
The process of analyzing the critical missions and business processes and the systems used to complete those tasks and of determining the impact to the mission of a loss or disruption in access to those systems.
business impact assessment
The ability for the organization to implement a risk response.
capability
Control Objectives for Information and Related Technology (but now typically referred to by its acronym). This management and governance framework was developed and is used extensively by ISACA in its various risk management and business process frameworks. It is currently in version 5.
COBIT