a “well-informed sense of assurance that the information risks and controls are in balance.”

“the quality or state of being secure – to be free from danger”

relates to the actual input and output processes of the system. It focuses on how data is entered into a system, verified, processed and displayed as output

The branch of philosophy that considers nature, criteria, sources, logic, and the validity of moral judgment.

Feasibility analysis to determine whether project should be continued or outsourced

Components evaluated on make-or-buy decision

“the quality or state of being secure – to be free from danger”

A hacker who intentionally removes or bypasses software copyright protection designed

oversees the people, processes and technologies within a company’s IT organization to ensure they deliver outcomes that support the goals of the business

The process of identifying risk, assessing its relative magnitude, and taking steps to reduce it to an acceptable level

Main factor is business need

Rules that mandate or prohibit certain behavior and are enforced by the state.

The application of controls that reduce the risks to an organization’s information assets to an acceptable leveL

The branch of philosophy that considers nature, criteria, sources, logic, and the validity of moral judgment.

Necessary data support and structures identified

“the quality or state of being secure – to be free from danger”

The high-level information security policy that sets the strategic direction, scope, and tone for all of an organization’s security efforts.

A hacker who intentionally removes or bypasses software copyright protection designed to prevent unauthorized duplication or use

is software used by a company to manage key parts of operations, including accounting and resource management.

Also known as a security program policy, general security policy, IT security policy, high-level InfoSec policy, or simply an InfoSec policy

a conceptual abstract design. You do not deal with the physical implementation details yet; you deal only with defining the types of information that you need.

Also known as a security program policy, general security policy, IT security policy, high-level InfoSec policy, or simply an InfoSec policy

Feasibility analysis to determine whether project should be continued or outsourced

a hacker who manipulates the public telephone system to make free calls or disrupt services.

a conceptual abstract design. You do not deal with the physical implementation details yet; you deal only with defining the types of information that you need.

Creates and develops blueprints for information security

The high-level information security policy that sets the strategic direction, scope, and tone for all of an organization’s security efforts.

Feasibility analysis to determine whether project should be continued or outsourced