ISO 27000 Vocabulary
Terms in this set (46)
to ensure that access to assets is authorized and restricted based on business and security requirements
responsibility of an entity for its actions and decisions
anything that has value in the organization such as information, software, physical (such as a computer), services, people and their qualifications, skills and experience, intangibles such as reputation and image.
to destroy, expose, alter, disable, steal or gain unauthorized access to or make unauthorized use of an asset
provision of assurance that a claimed characteristic of an entity is correct
property that an entity is what it claims to be
property of being accessible and usable upon demand by an authorized entity
processes and/or procedures for ensuring continued business operations
property that information is not made available or disclosed to unauthorized individuals, entities or processes
means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be administrative, technical, management or legal in nature
statement describing what is to be achieved as a result of implementing controls
action to eliminate the cause of a detected nonconformity or the undesirable situation
extent to which planned activities are realized and planned results achieved
relationship between the results achieved and how well the resources have been used
occurrence of a particular set of circumstances
recommendation of what is expected to be done to achieve an objective
adverse change to the level of business objectives achieved
knowledge or data that has value to the organization
preservation of confidentiality, integrity and availability of information. Authenticity, accountability, non-repudiation and reliability can also be involved.
information security event
identified occurrence of a system, service or network state indicating a possible breach of information security policy or failure of controls, or a previously unknown situation that may be security relevant.
information security incident
single or series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.
information security incident management
processes for detecting, reporting, assessing, responding to, dealing with, and learning from information security incidents
information security management system
part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security
information security risk
potential that a threat will exploit a vulnerability of an asset or group of assets and thereby cause harm to the organization
property of protecting the accuracy and completeness of assets
framework of policies, procedures, guidelines and associated resources to achieve the objectives of the organization
ability to prove the occurrence of a claimed event or action and its originating entities, in order to resolve disputes about the occurrence or non-occurrence of the event or action and the involvement of entities in the event
overall intention and direction as formally expressed by management
action to eliminate the cause of a potential nonconformity or other undesirable potential situation
specified way to carry out an activity or a process
set of interrelated or interacting activities which transforms inputs into outputs
document stating results achieved or providing evidence of activities performed
property of consistent intended behavior and results
combination of the probability of an event and its consequence
decision to accept a risk
systematic use of information to identify sources and to estimate risk. Provides a basis for risk evaluation, risk treatment, and risk acceptance.
overall process of risk analysis and risk evaluation
exchange or sharing of information about risk between the decision-maker and other stakeholders
terms of reference by which the significance of risk is assessed
activity to assign values to the probability and consequences of risk
process of comparing the estimated risk against given risk criteria to determine the significance of the risk
coordinated activities to direct and control an organization with regard to risk. Usually includes risk assessment, risk treatment, risk acceptance, risk communication, risk monitoring and risk review.
process of selection and implementation of measures to modify risk
statement of applicability
documented statement describing the control objectives and controls that are relevant and applicable to the organization's ISMS
potential cause of an unwanted incident, which may result in harm to a system or organization
weakness of an asset or control that can be exploited by a threat