Information Technology Reference
In-Depth Information
| Term | Description |
| --- | --- |
| Parsimony | The least complex explanation; taking great care with resources. |
| Perspective | A point of view. |
| Policy | A document stating bounds and qualifications for organizational behavior; they may reflect external compliance requirements like legislation, and internal compliance requirements like organizational mission or values. |
| Possession | Information or information resource remains in the custody of authorized personnel. |
| Principle | A fundamental edict or underlying faculty. |
| Privacy | Personal privacy is protected and relevant privacy compliances are adhered to (e.g., Privacy Act 1974); to be free from observation or intrusion. |
| Procedure | How to apply the standards to implement and enforce policy; formal representation of a process. |
| Region | A group of entities (a.k.a. domains) whose relationship is defined by physical proximity. Domains may be grouped within a region (physically grouped) or COI (logically grouped). |
| Relationship | Connecting or communicating; e.g., two entities may have a relationship via their respective interfaces. |
| Remediation | The process of providing a remedy; correcting or counteracting a gap in security, e.g., between compliance requirement and policy or between policy and practice. |
| Risk | The possibility of loss or injury. |
| Risk governance | Strategic decision making with respect to risk and risk management. |
| Risk management | Tactical decision making and implementation of safeguards with respect to minimizing risk. |
| Risk mitigation | To reduce risk. |
| Schema | A diagram of a framework. |
| Scheme | A systematic representation. |
 