Читаем CISSP Practice полностью

A single point of access through a Web browser to business information inside and/or outside an organization.

Information quality

Information quality is composed of three elements such as utility, integrity, and objectivity.

Information resources

Information and related resources, such as personnel, equipment, funds, and information technology.

Information rights

The rights that individuals and organizations have regarding information that pertains to them.

Information security

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.

Information security architecture

An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational subunits, showing their alignment with the enterprise’s mission and strategic plans.

Information security policy

Aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.

Information security program plan

A formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.

Information system (IS)

A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.

Information system owner

An official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system.

Information system resilience

The ability of an information system to continue to: (1) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover to an effective operational posture in a time frame consistent with mission needs. It supports agile defense strategy and is the same as resilience.

Information system security officer (ISSO)

Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for ensuring the appropriate operational security posture is maintained for an information system or program.

Information-systems (IS) security

The protection afforded to information systems in order to preserve the availability, integrity, and confidentiality of the systems and information contained within the systems. Such protection is the application of the combination of all security disciplines that will, at a minimum, include communications security, emanation security, emission security, computer security, operational security, information security, personnel security, industrial security, resource protection, and physical security.

Information systems security engineering

The art and science of discovering users’ information protection needs and then designing and making information systems, with economy and elegance, so they can safely resist the forces to which they may be subjected.

Information technology (IT)

(1) Any equipment or interconnected system or sub-system of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by an organization or its contractor. (2) The term IT includes computers, ancillary equipment, software, firmware, and similar procedures, services (including support services), and related resources.

Information-technology (IT) architecture

An integrated framework for evolving or maintaining existing IT and acquiring new IT to achieve the organization’s strategic goals. A complete IT architecture should consist of both logical and technical components. The logical architecture provides the high-level description of the organization’s mission, functional requirements, information requirements, system components, and information flows among the components. The technical architecture defines the specific IT standards and rules used to implement the logical architecture.

Information type