The following acronyms and terms are used in this chapter. For the purposes of this chapter, they are defined as follows:
A term typically associated with an accounting or auditing firm that follows a specific, formal methodology defining how an investigation is conducted and which reporting elements and metrics are examined (such as a financial audit according to Public Accounting and Auditing Guidelines and Procedures).
An evaluation and/or valuation of IT assets based on predefined measurement or evaluation criteria. An assessment, such as a risk or vulnerability assessment, does not typically require an accounting or auditing firm to conduct it.
A legal term that denies or disavows the user’s legal claim of warranty of the product, hardware, or software.
A legal term that protects and indemnifies the organization from external incidents, consequences, or certain other damages that may arise from the use of the organization’s hardware or software.
A remote and secure data center that replicates the production IT infrastructure, systems, applications, and backup data of the production environment.
Information technology.
Information technology asset such as hardware or software or data.
The act of assigning a criticality factor or importance value (Critical, Major, or Minor) to an IT asset.
The act of assigning a monetary value to an IT asset.
A general term to encompass all information technology assets (hardware, software, data), components, systems, applications, and resources.
A document that defines the policies, standards, procedures, and guidelines for information security.
A rule of conduct or action prescribed or formally recognized as binding or enforced by a controlling authority (U.S. federal government, state government, and so on).
A legal term that limits the amount of financial liability, and the remedies, that the organization is legally willing to take on.
A legal term that defines but limits the written guarantee of the integrity of a product and of the maker’s responsibility for the repair or replacement of defective parts.
A formal order from a superior court or official to an inferior one, such as a mandate from the U.S. federal government to state government.
A weighted, nonmonetary evaluation and analysis based on a weighting or criticality factor valuation.
A numerical evaluation and analysis based on a monetary or dollar valuation.
How a law or mandate is implemented.
The exposure or potential for loss or damage to IT assets within an IT infrastructure.
A process for evaluating the exposure or potential loss or damage to the IT and data assets for an organization.
The overall responsibility for and management of risk within an organization. Risk management includes the assignment and dissemination of roles, responsibilities, and accountabilities for risk in an organization.
Any agent, condition, or circumstance that could potentially cause harm, loss, damage, or compromise to an IT asset or data asset.
A weakness in the IT infrastructure or IT components that may be exploited by a threat to destroy, damage, or compromise an IT asset.
A methodical evaluation of the weaknesses in an organization’s IT infrastructure components and assets, and of how those weaknesses can be mitigated through proper security controls and recommendations to remediate exposure to risks, threats, and vulnerabilities.
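The glossary separates qualitative analysis (weighted, nonmonetary, driven by the Critical/Major/Minor criticality factor) from quantitative analysis (numerical, dollar based, driven by the asset's monetary value). The following added example, which is not part of the chapter, ranks the same constructed set of asset exposures both ways to show that the two methods can order the same risks differently; the weights, probabilities, assets, and threats are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumed ordinal weights for the criticality factor and threat likelihood
# (the chapter names the Critical/Major/Minor scale but assigns no numbers).
CRITICALITY_WEIGHT = {"Critical": 5, "Major": 3, "Minor": 1}
LIKELIHOOD_WEIGHT = {"High": 3, "Medium": 2, "Low": 1}
# Assumed annual probability that the threat exploits the vulnerability,
# used only by the quantitative (dollar-based) view.
LIKELIHOOD_PROBABILITY = {"High": 0.50, "Medium": 0.20, "Low": 0.05}


@dataclass(frozen=True)
class Exposure:
    asset: str
    criticality: str       # criticality factor: Critical / Major / Minor
    monetary_value: float  # monetary valuation of the asset in dollars
    threat: str
    likelihood: str        # High / Medium / Low


def qualitative_score(e: Exposure) -> int:
    """Weighted, nonmonetary score: criticality weight x likelihood weight."""
    return CRITICALITY_WEIGHT[e.criticality] * LIKELIHOOD_WEIGHT[e.likelihood]


def quantitative_loss(e: Exposure) -> float:
    """Dollar-based expected annual loss: asset value x annual probability."""
    return round(e.monetary_value * LIKELIHOOD_PROBABILITY[e.likelihood], 2)


def rank(exposures, method):
    """Order exposures from highest to lowest under the chosen scorer."""
    return sorted(exposures, key=method, reverse=True)


# Constructed sample data: a cheap but Critical server, an expensive but
# Major database, and a Minor print server.
SAMPLE = [
    Exposure("domain controller", "Critical", 20_000, "credential compromise", "High"),
    Exposure("payroll database", "Major", 500_000, "ransomware", "Medium"),
    Exposure("print server", "Minor", 5_000, "outage", "High"),
]

if __name__ == "__main__":
    for title, method in (("Qualitative", qualitative_score),
                          ("Quantitative", quantitative_loss)):
        print(title)
        for e in rank(SAMPLE, method):
            print(f"  {e.asset:<18} {e.threat:<22} {method(e)}")
```

The qualitative view puts the domain controller first because of its criticality factor, while the quantitative view puts the payroll database first because of its dollar value; a risk assessment usually reports both so the difference is visible to decision makers.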