risk assessment
is to enable organization executives to determine an appropriate budget for security and, within that budget, implement security controls
Asset
An item of value to the achievement of organizational mission/business objectives
Threat
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation),
Threat severity
The magnitude of the potential of a threat event to impose a cost on an organization.
Threat strength
Also referred to as threat capability, the probable level of force that a threat agent can apply against an asset.
Threat event frequency
The probable frequency, within a given time frame, that a threat agent will act against an asset.
Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Security control
A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information
Impact
The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information
Likelihood
Also called loss event frequency, the probable frequency, within a given time frame, that a threat agent will inflict harm upon an asset.
Risk
A measure of the extent to which an entity is threatened by a potential circumstance or event.
Level of risk
The magnitude of a risk or a combination of risks, expressed in terms of the combination of consequences and their likelihood
Privacy impact assessment (PIA)
is an analysis of how information is handled to ensure that handling conforms to applicable legal, regulatory, and policy requirements
Prejudicial potential
An estimation of how much damage would be caused by all the potential consequences of a threat
Level of identification
An estimation of how easy it is to identify data subjects with the available data processed by the available software
Privacy Awareness
is the extent to which staff understands the importance of information privacy, the level of privacy required for personal information stored and processed by the organization, and their privacy responsibilities
Privacy culture
is the extent to which staff demonstrates expected privacy behavior in line with their privacy responsibilities and the level of privacy required for personal information stored and processed by the organization
Awareness
A set of activities that explains and promotes security, establishes accountability, and informs the workforce of security news
Cybersecurity essentials
Intended to develop secure practices in the use of IT resources. This level is needed for employees, including contractor employees, who are involved in any way with IT systems
Role-based training
Intended to provide the knowledge and skills specific to an individual’s roles and responsibilities relative to information systems
Education/certification
Integrates all of the security skills and competencies of the various functional specialties into a common body of knowledge
personally identifiable information (PII)
All employees have some responsibilities related to the protection of this
Awareness training
a program that continually pushes the privacy message to users in a variety of formats.