A single point of access through a Web browser to business information inside and/or outside an organization.
Information quality is composed of three elements: utility, integrity, and objectivity.
Information and related resources, such as personnel, equipment, funds, and information technology.
The rights that individuals and organizations have regarding information that pertains to them.
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability.
An embedded, integral part of the enterprise architecture that describes the structure and behavior for an enterprise’s security processes, information security systems, personnel and organizational subunits, showing their alignment with the enterprise’s mission and strategic plans.
Aggregate of directives, regulations, rules, and practices that prescribe how an organization manages, protects, and distributes information.
A formal document that provides an overview of the security requirements for an organization-wide information security program and describes the program management controls and common controls in place or planned for meeting those requirements.
A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.
An official responsible for the overall procurement, development, integration, modification, or operation and maintenance of an information system.
The ability of an information system to continue to: (1) operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover to an effective operational posture in a time frame consistent with mission needs. It supports an agile defense strategy and is the same as resilience.
Individual assigned responsibility by the senior agency information security officer, authorizing official, management official, or information system owner for ensuring the appropriate operational security posture is maintained for an information system or program.
The protection afforded to information systems in order to preserve the availability, integrity, and confidentiality of the systems and information contained within the systems. Such protection is the application of the combination of all security disciplines that will, at a minimum, include communications security, emanation security, emission security, computer security, operational security, information security, personnel security, industrial security, resource protection, and physical security.
The art and science of discovering users’ information protection needs and then designing and making information systems, with economy and elegance, so they can safely resist the forces to which they may be subjected.
(1) Any equipment or interconnected system or sub-system of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information by an organization or its contractor. (2) The term IT includes computers, ancillary equipment, software, firmware, and similar procedures, services (including support services), and related resources.
An integrated framework for evolving or maintaining existing IT and acquiring new IT to achieve the organization’s strategic goals. A complete IT architecture should consist of both logical and technical components. The logical architecture provides the high-level description of the organization’s mission, functional requirements, information requirements, system components, and information flows among the components. The technical architecture defines the specific IT standards and rules used to implement the logical architecture.