Aup Security Plus

Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.

The user who is accountable and responsible for the network.

A calculation used to identify risks and calculate the expected monetary loss each year.

The probability of an event occurring within a year.

Annualized rate of occurrence

Any resource of economic value that you want to secure and protect.

Files that hold information about audit events.

Acceptable use policy

Duplicate copies of key information, ideally stored in a location other than the one where the information is stored currently.

A documented plan governing backup situations.

A set of rules governing basic operations based on methods that have consistently shown superior results over those achieved by other means.

Business impact analysis

The process of evaluating all critical systems in an organization to define impact and recovery plans.

The structured approach followed to modify individuals or teams for securing a company's assets.

A part of a client/server network where computing is done. In a typical setting, a client uses the server for remote storage, backups, or security (such as a firewall).

Hosting services and data on the Internet instead of hosting it locally.

An agreement between individuals to commit fraud or deceit.

The administration of setup and configuration changes.

The ability to recover data after a disaster.

A plan outlining the procedure by which data is recovered after a disaster.

A process of keeping identical copies of data on two disks to prevent the loss of data if one disk fails.

A process of writing data to multiple disks simultaneously in small portions called stripes.

A fault-tolerance solution of writing data across a number of disks and recording the parity on another. In the event any one disk fails, the data on it can be re-created by looking at the remaining data and computing parity to figure out the missing data.

Disaster recovery plan

Exposure factor

A feature in NTFS on Windows-based operating systems that allows for file system-level encryption to be applied.

Any noticeable action or occurrence.

A calculation of how much data (or other assets) could be lost from a single occurrence. If all the data on the network could be jeopardized by a single attack, the calculation is 100 percent.

A threat that originates from outside the company.

The process of reconstructing a system or switching over to other systems when a failure is detected.

An error in which you are not alerted to a situation when you should be alerted due to which, you miss crucial things.

A flagged event that isn't really an event and has been falsely triggered.

The ability to withstand a fault (failure) without losing data.

Measures used to keep services and systems operational during an outage.

A two-step process of identifying a person (usually when they log on) and authenticating them by challenging their claim to access a resource.

A process to identify, analyze, and correct threats to prevent future re-occurrence.

Time required by users to take away from work to refresh.

The measure of the anticipated incidence of failure of a system or component.

Measurement of how long it takes to repair a system or component once a failure occurs.

Average time to failure for a non-repairable system.

Mean time to repair

An agency (formerly known as the National Bureau of Standards(NBS)) that has been involved in developing and supporting standards for the U.S. government for over 100 years. It has become involved in cryptography standards, systems, and technology in a variety of areas. It's primarily concerned with governmental systems, where it exercises a great deal of influence.

Rules or stands governing usage. These are typically high level in nature.

Defines what controls are required to implement and maintain the sanctity of data privacy in the work environment.

Redundant Array of Independent (or Inexpensive) Disks

A set of RAID configurations that consists of striping, mirroring, or parity.

Defines the point at which the system needs to be restored.

Maximum amount of time that a process or service is allowed to be down and consequences still be considered acceptable.

Refers to systems that either are duplicated or failover to other systems in the event of a malfunction.

A configuration of multiple hard disks used to provide fault tolerance, should a disk fails, or gains in efficiency. Different levels exist.

The process of copying directory information to other servers to keep them all synchronized.

The choice you must make when the cost of implementing any of the other four choices exceeds the value of the harm that would occur if the risk came to fruition.

An evaluation of each risk that can be identified. Each risk should be outlined, described, and evaluated on the likelihood of it occurring.

Deals with the threats, vulnerabilities, and impacts of a loss of information-processing capabilities or a loss of information itself.

Involves identifying a risk and making the decision to no longer engage in the actions associated with that risk.

Weighs a potential threat against the likelihood or probability of it occurring.

Involves understanding about the enemy and letting them know the harm that can come their way if they cause harm to you.

Accomplished any time you take steps to reduce risk.

Involves sharing some of the risk burden with someone else, such as an insurance company.

Rules set in place by a company to ensure the security of a network. These may include how often a password must be changed or how many characters a password should be.

A computer that provides resources to clients on the network.

A cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack.

Ways in which an attacker poses a threat.

A device that can provide short-term power, usually be using batteries.

A person using a computer or network or a resource.

A weakness that could be exploited by a threat.