
Minimum level of protection

The reduction in the total risk that results from the impact of in-place safeguards. See also total risk, acceptable risk, residual risk.


Similar items:
(1) A program whereby a laboratory demonstrates that something is operating under accepted standards to ensure quality assurance. (2) A management or administrative process of accepting a specific site installation/implementation for operational use based upon evaluations and certifications. (3) A formal declaration by a Designated Approving Authority (DAA) that the AIS is approved to operate in a particular security mode using a prescribed set of safeguards. Accreditation is the official management authorization for operation of an AIS and is based on the certification process as well as other management considerations. The accreditation statement affixes security responsibility with the DAA and shows that due care has been taken for security. (4) Formal declaration by a (DAA) that an information system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk. Formal declaration by a Designated Accrediting Authority (DAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards. (See security safeguards.) The formal declaration by the Designated Approving Authority (DAA) that an IT system is approved to operate in a particular security mode using a prescribed set of safeguards at an acceptable level of risk.
The level of residual risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT system. See also total risk, residual risk, and minimum level of protection.
The amount of risk an organization would face if no safeguards were implemented. Threats - vulnerabilities - asset value = total risk. The potential for the occurrence of an adverse event if no mitigating action is taken (i.e., the potential for any applicable threat to exploit a system vulnerability). See also acceptable risk, residual risk, minimum level of protection.
Portion of risk remaining after security measures have been applied. Risk that comprises specific threats to specific assets against which upper management chooses not to implement a safeguard. In other words, residual risk is the risk that management has chosen to accept rather than mitigate.
Residual information remaining on storage media after clearing. (See magnetic remanence and clearing.) The residual magnetism that remains on magnetic storage media after degaussing.

