Chapter 1 - Information Systems Security Policy Management

Authentication
The process of verifying the claimed identity of an individual or device (identification is the claim; authentication is the proof)
Availability
Ensuring accessibility of information to authorized users when required
Business process reengineering (BPR)
A management technique used to improve the efficiency and effectiveness of a process within an organization
Confidentiality
Limiting access to information/data to authorized users only
Continuous Improvement
An ongoing, systematic effort to improve business products, services, or processes
Data at rest
The state of data stored on any type of media
Data in transit
The state of data when traveling through or over a network
Governance
The act of managing the implementation of, and compliance with, organizational policies
Guideline
A recommended practice that sets the parameters within which a policy, standard, or procedure should be applied; suggested but optional, unlike a standard, which is mandatory
Information Assurance
The implementation of controls designed to ensure confidentiality, integrity, availability, and non-repudiation
Information Systems Security
The act of protecting information systems or IT infrastructures from unauthorized use, access, disruption, or destruction
Information Systems Security Management Life Cycle
The five-phase management process that controls the planning, implementation, evaluation, and maintenance of information systems security
Integrity
The act of ensuring that information has not been improperly changed
Need to know
A principle that restricts information access to only users with an approved and valid requirement
Non-repudiation
The concept of applying technology in a way that an individual cannot later deny or dispute having taken part in a transaction (for example, a digital signature binds a signer to the data signed; a shared-key checksum alone cannot provide this, because any holder of the key could have produced it)
Policy
A document that states how the organization is to perform and conduct business functions and transactions with a desired outcome
Policy Framework
A structure for organizing policies, standards, procedures, and guidelines
Procedure
A written statement describing the steps required to implement a process
Security Policies
A set of policies that establish how an organization secures its facilities and IT infrastructure. Can also address how the organization meets regulatory requirements
Service Level Agreement (SLA)
The portion of a service contract that formally defines the level of service. These agreements are typical in telecommunications contracts for voice and data transmission circuits
Standard
An established and proven norm or method. This can be a procedural standard or a technical standard implemented organization-wide