CSCI340 Johnson Ch1
Term | Definition |
---|---|
Authentication | The process of determining the identity of an individual or device. |
Availability | Ensuring accessibility of information to authorized users when required. |
Business process reengineering (BPR) | A management technique used to improve the efficiency and effectiveness of a process within an organization. |
Confidentiality | Limiting access to information/data to authorized users only. |
Continuous improvement | An ad hoc, ongoing effort to improve business products, services, or processes. |
Data at rest | The state of data stored on any type of media. |
Data in transit | The state of data when traveling over or through a network. |
Governance | The act of managing implementation and compliance with organizational policies. |
Guideline | The parameters within which a policy, standard, or procedure is recommended when possible but is optional. |
Information assurance | The implementation of controls designed to ensure confidentiality, integrity, availability, and non-repudiation. |
Information systems security (ISS) | The act of protecting information systems or IT infrastructures from unauthorized use, access, disruption, or destruction. |
Information systems security management life cycle | The five-phase management process of controlling the planning, implementation, evaluation, and maintenance of information systems security. |
Integrity | The act of ensuring that information has not been improperly changed. |
Need to know | A principle that restricts information access to only those users with an approved and valid requirement. |
Nonrepudiation | The concept of applying technology in a way that an individual cannot deny or dispute they were part of a transaction. |
Policy | A document that states how the organization is to perform and conduct business functions and transactions with a desired outcome. |
Policy framework | A structure for organizing policies, standards, procedures, and guidelines. |
Procedure | A written statement describing the steps required to implement a process. |
Security policies | A set of policies that establish how an organization secures its facilities and IT infrastructure. Can also address how the organization meets regulatory requirements. |
Service level agreement (SLA) | The portion of a service contract that formally defines the level of service. These agreements are typical in telecommunications contracts for voice and data transmission circuits. |
Standard | An established and proven norm or method. This can be a procedural standard or a technical standard implemented organization-wide. |