Security terms and definitions
• Risk - the effect of uncertainty on the achievement
• Risk management process - the systematic application of policies, procedures and management practices in the activities of communication, consultation, establishing the context, as well as the identification, analysis, evaluation, treatment, monitoring and reviewing risk
• Establishing the context - defining the internal and external parameters to be considered in risk management, and determining the scope and risk criteria for the risk management policy
• Risk criteria - terms of reference against which the significance of a risk is assessed
• Risk assessment - comprehensive process that includes risk identification, risk analysis and risk evaluation
• Risk analysis - the process of understanding the nature of the risk and determining the level of risk
• Risk matrix - a tool for classifying and displaying risks by defining categories of consequences and likelihood
• Risk acceptance - informed decision to assume a certain risk
• Risk treatment - process of modifying risk
• Residual risk - risk remaining after risk treatment
• Security - a state of being protected against dangers and losses; it is obtained by reducing the adverse consequences associated with the intentional or irrational actions of others
• Physical security - security that covers both practical measures for deterring attackers and preventing them from gaining access to an objective, and information and advice on designing resources and infrastructure to resist hostile acts
• Critical infrastructure - an element, system or part thereof located in Member States which is essential for the maintenance of vital societal functions, health, safety, security, or the social or economic well-being of people, and the disruption or destruction of which would have a significant impact in a Member State as a result of the failure to maintain those functions
• Resilience - the adaptive capacity of an organization in a complex and changing environment
• Information security - confidentiality, integrity and availability of information
• Confidentiality - the property that information is not made available or disclosed to unauthorized persons, entities or processes
• Integrity - the property of protecting the accuracy and completeness of resources
• Availability - the property of being accessible and usable upon request by an authorized entity
• Authenticity - the property that an entity is what it claims to be
• Attack - attempt to destroy, expose, modify, disable, steal or gain unauthorized access or unauthorized use of a resource
• Threat - potential cause of an unwanted incident which may cause damage to a system or organization
• Vulnerability - weakness of a resource or means of control which can be exploited by a threat
• Information security event - an identified occurrence of a state of a system, service or network indicating a potential violation of information security, a failure of the means of control, or a previously unknown situation that may be relevant in terms of security
• Information security incident - one or a series of unwanted or unexpected information security events having a significant probability of compromising business operations and threatening information security
• Impact - adverse change to the level of business objectives achieved
• Information security incident management - processes for detecting, reporting, evaluating, responding to, treating, and learning from information security incidents
• Business continuity - processes and/or procedures to ensure continuous business operations
• Means of control / security measure - a means of managing risk, including policies, procedures, guidelines, practices or organizational structures, which can be administrative, technical, managerial or legal in nature
• Statement of applicability - documented statement describing the control objectives and controls that are relevant and applicable to the organization's ISMS