Information Systems Security (INFOSEC)
Information Systems Security (INFOSEC): The practice of protecting information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. It is used in organizations to ensure the confidentiality, integrity, and availability of information assets. Examples – encryption, access control, and intrusion detection.
Information Systems Security Manager (ISSM)
Information Systems Security Manager (ISSM): A person who is responsible for managing the information security program of an organization. It is used in organizations to ensure that information security policies and procedures are implemented and followed. Examples include overseeing security training for employees, conducting security assessments, and responding to security incidents.
Information Systems Security Officer (ISSO)
Information Systems Security Officer (ISSO): A person who is responsible for implementing and maintaining information security controls for a specific information system. It is used in organizations to ensure that the information system is secure and compliant with information security policies and regulations. Examples – implementing access controls, conducting security audits, and providing security guidance […]
Information Technology (IT)
Information Technology (IT): Information Technology (IT) involves the use of computers, networking, and other physical devices to manage and process data. IT is integral to modern businesses, providing tools for data analysis, infrastructure management, and digital communications. Cybersecurity is a critical aspect of IT, protecting data from threats like hacking and breaches. With technology’s rapid […]
Information Technology Security Evaluation Criteria (ITSEC)
Information Technology Security Evaluation Criteria (ITSEC): A set of standards and guidelines used to evaluate the security of information technology products and systems. It is used in organizations to ensure that the information technology they use is secure and compliant with information security standards. Examples – functional and assurance requirements, security targets, and evaluator qualifications.
Inherent risk
Inherent risk: Inherent risk refers to the exposure to potential negative outcomes in any activity or process that is present before any mitigating controls or actions are applied. It’s essential in risk management to assess the raw exposure to threats in order to effectively plan for risk reduction measures. Examples include the inherent risk of […]