Key Definitions in Information Security and Risk Management
Information Security and Risk Management Terminology
Core Information Security Concepts
3.1 Asset
Anything that has value to the organization.
3.2 Availability
Ability to be accessible and usable on demand by an authorized entity.
3.3 Confidentiality
The property that information is not available or discoverable by unauthorized users, entities, or processes.
3.4 Information Security
Preservation of the confidentiality, integrity, and availability of information. Other properties, such as authentication/authorization, logging, non-repudiation, and reliability, may also be included.
3.5 Information Security Events
An identified occurrence in a system, service, or network whose state indicates a possible breach of the information security policy or a failure to maintain it, or a previously unknown situation that may be security-relevant.
3.6 Information Security Incident
One or more unwanted or unexpected information security events that have some probability of compromising business operations and threatening information security.
3.7 Information Security Management System (ISMS)
The part of the overall enterprise management system, based on an analysis of business risk, that establishes, implements, operates, monitors, reviews, maintains, and improves information security.
Risk Management Definitions
3.8 Integrity
The property of safeguarding the accuracy and completeness of assets.
3.9 Residual Risk
Risk remaining after a security threat has been addressed.
3.10 Risk Acceptance
The decision to accept a risk.
3.11 Risk Analysis
Systematic use of information sources to identify and assess risks.
3.12 Risk Valuation
The total process of risk analysis and assessment.
3.13 Risk Assessment
The process of comparing estimated risks against established risk criteria to determine the significance of the risk.
3.14 Risk Management
Coordinated activities to direct and control the measures needed to manage risk within the organization.
3.15 Risk Treatment
The process of selecting and implementing measures to modify risk.
3.16 Statement of Applicability
A document describing the control objectives and controls that are relevant and applicable to the organization's ISMS.