Chapter 14 Terms
Security
Term | Definition |
---|---|
Acceptable Use Policy | A policy that defines the actions users may perform while accessing systems and networking equipment |
Annualized Loss Expectancy | The expected monetary loss that can be anticipated for an asset due to a risk over a one-year period |
Annualized Rate of Occurrence | The likelihood of a risk occurring within a year |
Change Management | A methodology for making modifications to a system and keeping track of those changes |
Data policy | A security policy that addresses the different aspects of how data should be handled within an organization |
Data Retention Policy | A security policy that outlines how long to maintain information in the user's possession |
Data Storage policy | A set of procedures designed to control and manage data within the organization by specification |
Data Wiping and Disposing Policy | A security policy that addresses how and when data will ultimately be erased |
False Negative | An event that does not appear to be a risk but actually turns out to be one |
False Positive | An event that in the beginning is considered to be a risk yet turns out to not be one |
Incident Management | The framework and functions required to enable incident response and incident handling within an organization |
Management Risk Control Type | A type of risk control that is administrative and covers the laws, regulations, policies, practices, and guidelines that govern the overall requirements and controls |
Mean Time to Failure | The average amount of time expected until the first failure of a piece of equipment |
Operational Risk Control Type | Risk control type that covers the operational procedures to limit risk |
Peer to Peer Network | A network that does not have servers so each device simultaneously functions as both a client and a server to all other devices connected to the network |
Privacy Policy | A security policy that outlines how the organization uses personal information it collects |
Qualitative Risk Calculation | An approach to risk calculation that attempts to create actual numbers of the risk by using historical data |
Role based Training | Specialized training that is customized to the specific role that an employee holds in the organization |
Security Policy | A written document that states how an organization plans to protect the company's information technology assets |
Single Loss Expectancy | The expected monetary loss every time a risk occurs |
Social Networking | Grouping individuals and organizations into clusters or groups based on a like affiliation |
Technical Risk Control Type | A risk control type that involves using technology to control risk. |