Dissemination (distribution)

Term saying the organization must be able to demonstrate that the relevant policy has been made readily available for review by employees

Review (reading)

Term saying the organization must be able to demonstrate that it disseminated the document in an intelligible form, including versions for illiterate, non-English-reading, and reading-impaired employees

Comprehension (understanding)

Term saying the organization must be able to demonstrate that employees understand requirements and content of policy

Compliance (agreement)

Term saying the organization must be able to demonstrate that employees agree to comply with policy through act or affirmation

Uniform enforcement

Term saying that the organization must be able to demonstrate that the policy has been uniformly enforced


Policy

a set of guidelines or instructions that an organization's senior management implements to regulate the activities of members of the organization who make decisions, take actions, and perform other duties; policies are organizational laws


Standards

more detailed statements of what must be done to comply with policy


Enterprise Information Security Policy (EISP)

is also known as a general security policy, IT security policy, or information security policy. This policy sets the strategic direction, scope, and tone for all security efforts within the organization.

Statement of Purpose, IT security elements, need for IT security, IT security responsibilities and roles, reference to other IT standards and guidelines

Components of the EISP


Issue-Specific Security Policy (ISSP)

Policy that addresses specific areas of technology, requires frequent updates, and contains an issue statement on the organization's position on an issue.

statement of policy, authorized access, prohibited usage, systems management, violations, review and modification, limitations of liability

Components of the ISSP

Managerial guidance SysSPs

SysSP group created by management to guide the implementation and configuration of technology as well as to regulate the behavior of people in the organization

Technical specifications SysSPs

SysSP group that uses a set of configurations to implement managerial policy

Access control lists

policies that consist of the access control lists, matrices, and capability tables governing the rights and privileges of a particular user to a particular system.

Configuration rule policies

policies that comprise the specific configuration codes entered into security systems to guide the execution of the system

Security blueprint

is the basis for the design, selection, and implementation of all security program elements, including policy implementation, ongoing policy management, risk management programs, education and training programs, technological controls, and maintenance of the security program

Security framework

is an outline of the overall information security strategy and a roadmap for planned changes to the organization's information security environment

ISO 27000 series

One of the most widely referenced and often discussed security models is the Information Technology - Code of Practice for Information Security Management, which was originally published as the British Standard BS 7799.

sphere of security

the foundation of the security framework. It represents the fact that information is under attack from a variety of sources.

Defense in depth

One of the foundations of security architectures is the requirement to implement security in layers. It requires that the organization establish sufficient security controls and safeguards, so that an intruder faces multiple layers of controls.

security perimeter

The point at which an organization's security protection ends and the outside world begins


Security education, training, and awareness (SETA) program

is a control measure designed to reduce the incidence of accidental security breaches by employees. These programs are designed to supplement the general education and training programs in place to educate staff on information security. Consists of three elements: security education, security training, and security awareness

contingency planning (CP)

the entire planning conducted by the organization to prepare for, react to, and recover from events that threaten the security of information and information assets in the organization, and the subsequent restoration to normal modes of business operations.

incident response planning (IRP)

the planning process associated with the identification, classification, response, and recovery from an incident.

disaster recovery planning (DRP)

the planning process associated with the preparation for and recovery from a disaster, whether natural or man-made.

Business Continuity Planning (BCP)

the planning process associated with ensuring that critical business functions continue if a catastrophic incident or disaster occurs.

Business Impact Analysis (BIA)

an investigation and assessment of the impact that various attacks can have on the organization; it takes up where the risk assessment process leaves off.

attack profile

a detailed description of the activities that occur during an attack; one must be developed for every serious threat the organization faces, and they are used to determine the extent of damage that could result to a business unit if the attack were successful.

attack scenario end case

the final result of the business impact analysis, which utilizes attack success scenarios to estimate the cost of the best, worst, and most likely cases.

incident response (IR)

the set of activities taken to plan for, detect, and correct the impact of an incident on information assets.

Business continuity planning

this outlines the reestablishment of critical business operations during a disaster that impacts operations at the primary site. If a disaster has rendered the current location of the business unusable for continued operations, there must be a plan to allow the business to continue to function.

crisis management

This includes the actions taken during and after a disaster; it focuses first and foremost on the people involved and addresses the viability of the business.
