expand for answer
Information in identifiable form
Information in an IT system or online collection that (i) directly identifies an individual (e. g. , name, address, Social Security number, or other identifying number or code, telephone number, email address, etc. ); or (ii) by which an agency intends to identify specific individuals in conjunction with other data elements, i. e. , indirect identification. These data elements may include a combination of gender, race, birth date, geographic indicator, and other descriptors.
Similar items:
A channel that conveys information by writing data to a common storage area where another process can read it. A covert channel that involves the direct or indirect writing of a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource that is shared by two subjects at different security levels. Covert channel involving the direct or indirect writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a finite resource (e. g. , sectors on a disk) that is shared by two subjects at different security levels.
[view]
[view]
A detailed process of identifying factors that could damage or disclose data, evaluating those factors in light of data value and countermeasure cost, and implementing cost-effective solutions for mitigating or reducing risk. Process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; costbenefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations. (NIST Special Pub 80053)The discipline of identifying and measuring security risks associated with an information system, and controlling and reducing those risks to an acceptable level. The goal of risk management is to invest organizational resources to mitigate security risks in a costeffective manner, while enabling timely and effective mission accomplishment. Risk management is an important aspect of information assurance and defenseindepth.
[view]
[view]
A set of information that at least: identifies the certification authority issuing the certificate; unambiguously names or identifies its owner; contains the owner’s public key and is digitally signed by the certification authority issuing it. Digitally signed document that binds a public key with an identity. The certificate contains, at a minimum, the identity of the issuing Certification Authority, the user identification information, and the user’s public key. Endorsed copy of an individual’s public key that verifies their identity.
[view]
[view]
Any information system (including any telecommunications system) used or operated by an agency or by a contractor of any agency, or other organization on behalf of an agency, the function, operation, or use of which: I. involves intelligence activities; II. Involves cryptologic activities related to national security; III. Involves command and control of military forces; IV. Involves equipment that is an integral part of a weapon or weapon system; or V. subject to subparagraph (B), is critical to the direct fulfillment of military or intelligence missions; or is protected at all times by procedures established for information that have been specifically authorized under criteria established by an Executive Order or an Act of Congress to be kept classified in the interest of national defense or foreign policy. (B). Does not include a system that is to be used for routine administrative and business applications (including payroll, finance, logistics, and personnel management applications). (Title 44 U. S. Code Section 3542, Federal Information Security Management Act of 2002. )Any information system (including any telecommunications system) used or operated by an organization or by a contractor of the organization, or by other organization on behalf of the organization: (1) the function, operation, or use of which involves intelligence activities; involves cryptologic activities related to national security; involves command and control of military forces; involves equipment that is an integral part of a weapon or weapons system; or is critical to the direct fulfillment of military or intelligence missions (excluding a system that is to be used for routine administrative and business applications, for example, payroll, finance, logistics, and personnel management applications); or (2) is protected at all times by procedures established for information that have been specifically authorized under criteria estab
[view]
[view]
Title II, Subtitle F of HIPAA, which gives HHS the authority to mandate the use of standards for the electronic exchange of healthcare data; to specify what medical and administrative code sets should be used within those standards; to require the use of national identification systems for healthcare patients, providers, payers (or plans), and employers (or sponsors); and to specify the types of measures required to protect the security and privacy of personally identifiable healthcare information. This is also the name of Title II, Subtitle F, Part C of HIPAA.
[view]
[view]
There are no comments yet.