
Integrity level

(1) A range of values of an item necessary to maintain system risks within acceptable limits. For items that perform IA-related mitigating functions, the property is the reliability with which the item must perform the mitigating function. For IA-critical items whose failure can lead to threat instantiation, the property is the limit on the frequency of that failure. (2) A range of values of a property of an item necessary to maintain risk exposure at or below its acceptability threshold.

Similar items:
A detailed process of identifying factors that could damage or disclose data, evaluating those factors in light of data value and countermeasure cost, and implementing cost-effective solutions for mitigating or reducing risk. Process of managing risks to agency operations (including mission, functions, image, or reputation), agency assets, or individuals resulting from the operation of an information system. It includes risk assessment; cost-benefit analysis; the selection, implementation, and assessment of security controls; and the formal authorization to operate the system. The process considers effectiveness, efficiency, and constraints due to laws, directives, policies, or regulations. (NIST Special Pub 800-53) The discipline of identifying and measuring security risks associated with an information system, and controlling and reducing those risks to an acceptable level. The goal of risk management is to invest organizational resources to mitigate security risks in a cost-effective manner, while enabling timely and effective mission accomplishment. Risk management is an important aspect of information assurance and defense-in-depth.
The amount of risk an organization would face if no safeguards were implemented. Threats - vulnerabilities - asset value = total risk. The potential for the occurrence of an adverse event if no mitigating action is taken (i.e., the potential for any applicable threat to exploit a system vulnerability). See also acceptable risk, residual risk, minimum level of protection.
Isolating IA-critical, IA-related, and non-IA-related functions and entities to prevent accidental or intentional interference, compromise, and corruption. Partitioning can be implemented in hardware or software. Software partitioning can be logical or physical. Partitioning is often referred to as separability in the security community.
The process for systematically avoiding risk. Security awareness can lead to a better educated staff, which can lead to certain risks being avoided.
An organization’s information risk profile should include guiding principles aligned with both its strategic directives and the supporting activities of its IRMS program and capabilities. This information should be listed early in the profile to allow the reader to understand its context and intent. Common guiding principles include the following:
1. Ensure availability of key business processes including associated data and capabilities.
2. Provide accurate identification and evaluation of threats, vulnerabilities and their associated risk to allow business leaders and process owners to make informed risk management decisions.
3. Ensure that appropriate risk-mitigating controls are implemented and functioning properly and align with the organization’s established risk tolerances.
4. Ensure that funding and resources are allocated efficiently to ensure the highest level of information risk mitigation.
