Domain 3 Information Security Program Overview

These flashcards cover key vocabulary from the lecture on information security programs, focusing on fundamental concepts necessary for understanding and managing security initiatives.

Holistic Approach

An approach that considers the entire system and its environment rather than focusing on individual components.

Siloed

Operating independently and not communicating or collaborating with other departments or functions.

Tick Box Exercise

A superficial approach to compliance or security where items are checked off without genuine engagement or thorough understanding.

Supply Chain Compromise

A security breach targeting a third-party service provider or partner to access a company's data or systems.

Zero Downtime

The goal of minimizing or eliminating interruptions to services during maintenance or updates.

Reputational Damage

Harm done to an organization's public image or credibility, often as a result of a security incident.

Risk Management

The process of identifying, analyzing, and mitigating potential risks that could negatively impact an organization.

Business Case

A document outlining the justification for initiating a project, emphasizing the benefits and return on investment.

Performance Measurement

The process of evaluating the effectiveness of a security program through the use of metrics and indicators.

Process Integration

The ability to harmonize and connect different functions and processes within an organization to work efficiently together.