Domain 1
Security and Risk Management
| Term | Definition |
|---|---|
| Audit/Auditing | Auditing is the gathering and analysis of information about assets to ensure such things as policy compliance and security from vulnerabilities. |
| Compliance | Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation that are used in adherence. |
| Data Custodian | The role within the processing entity (IT department) that handles the data daily. |
| Data Owner/Controller | The entity that collects/creates the PII and is legally responsible and accountable for protecting it and educating others about how to protect the data through dissemination of intellectual property rights documentation, policies and regulatory . |
| Data Subject | The person whom the information is about. |
| PII (Personally Identifiable Information) | Any data about a human being that could be used to identify that person. |
| Policy | Documents published and promulgated by senior management dictating and describing the organization's strategic goals. |
| Security Control Framework | A collection of security controls and implementation and audit guidelines, well organized as a template or solution for organizations to mitigate risks. |
| Standards | Considered to be tactical documents, which present more detailed steps or processes that are necessary to meet a specific requirement. |
| Due Care | Refers to the ongoing efforts an organization makes to maintain and improve its cybersecurity measures. |
| Due Diligence | Refers to the comprehensive process an organization undertakes to understand and manage the cyber risks associated with third-party partners, vendors, and acquisitions. |
| RTO (Recovery Time Objective) | RTO is the goal an organization sets for the maximum length of time it should take to restore normal operations following an outage or data loss. |
| MAD (Maximum Allowable Downtime) (aka MTD) | The measure of how long an organization can . Also known as maximum tolerable downtime (MTD). |
| Residual Risk | The amount of risk that remains after controls are accounted for. |
| RPO (Recovery Point Objective) | RPO is the goal for the maximum amount of data the organization can tolerate losing. |