7. Risk Management and Compliance

ALE

Annualized Loss Expectancy: Expected monetary loss for an asset due to risk over a year

ARO

Annualized Rate of Occurrence: Expected frequency of a specific threat occurring within a year

AUP

Acceptable Use Policy: Rules governing computer and network use

BCP

Business Continuity Planning: Preparation to ensure critical functions continue during disruptions

BIA

Business Impact Analysis: Process identifying critical business functions and disruption impacts

BPA

Business Partners Agreement: Formal contract between business partners defining relationship

CAR

Corrective Action Report: Formal documentation of steps to address non-compliance

COOP

Continuity of Operation Planning: Plans maintaining essential functions during emergencies

CP

Contingency Planning: Preparation for future events that may impact operations

DRP

Disaster Recovery Plan: Documented process for recovery after disasters

GDPR

General Data Protection Regulation: EU regulation on data protection and privacy

HA

High Availability: System design ensuring operational continuity

MOA

Memorandum of Agreement: Document describing cooperative relationship

MOU

Memorandum of Understanding: Document describing mutual agreement without creating binding obligations

MSA

Master Service Agreement: Contract defining terms for future agreements

MTBF

Mean Time Between Failures: Average time between system failures

MTTF

Mean Time to Failure: Average time to failure for non-repairable systems

MTTR

Mean Time to Recover: Average time to restore a system after failure

NDA

Non-disclosure Agreement: Legal contract ensuring confidential information remains protected

NIST

National Institute of Standards & Technology: US agency establishing technology standards

PCI DSS

Payment Card Industry Data Security Standard: Security standard for organizations handling credit cards

ROI

Return on Investment: Performance measure evaluating investment efficiency

RPO

Recovery Point Objective: Maximum acceptable data loss measured in time

RTO

Recovery Time Objective: Maximum acceptable time to restore a service after disruption

SLA

Service-level Agreement: Contract defining service provider responsibilities

SLE

Single Loss Expectancy: Monetary value expected from a single loss event

SOW

Statement of Work: Document defining project-specific activities and deliverables

TOU

Time-of-use: Policy defining when resources may be used