Risk Acceptance:
Risk acceptance is part of the risk treatment decision making process. Risk acceptance means that you have decided that you can live with a particular risk.
Availability:
The term availability applies to assets. An asset is available if it is accessible and usable when needed by an authorized entity. All assets must be available to authorized entities when they need to access or use them.
Confidentiality:
The term confidentiality applies to information. To protect and preserve the confidentiality of information means to ensure that it is not made available or disclosed to unauthorized entities. In this context, entities include both individuals and processes.
Integrity:
To preserve the integrity of information means to protect the accuracy and completeness of the information and of the methods that are used to process and manage it.
Threat:
A threat is a potential event. When a threat turns into an actual event, it may cause an unwanted incident. It is unwanted because the incident may harm an organization or a system.
Vulnerability:
A vulnerability is a weakness in an asset or group of assets. An asset’s weakness could allow it to be exploited and harmed by one or more threats.
Controls:
A control is any administrative, management, technical, or legal method that is used to manage risk. Controls are safeguards or countermeasures. Controls include things like practices, policies, procedures, programs, techniques, technologies, guidelines, and organizational structures.
Requirement:
A requirement is a need, expectation, or obligation. It can be stated or implied by an organization, its customers, or other interested parties. There are many types of requirements, including security requirements, contractual requirements, management requirements, regulatory requirements, and legal requirements.
Corrective Actions:
Corrective actions are steps that are taken to address existing nonconformities and make improvements. Corrective actions deal with actual nonconformities (problems), ones that have already occurred. They solve existing problems by removing their causes. In general, the corrective action process can be thought of as a problem solving process.
Preventive Actions:
Preventive actions are steps that are taken to avoid potential nonconformities and make improvements. Preventive actions address potential nonconformities (problems), ones that haven’t yet occurred. Preventive actions prevent the occurrence of problems by removing their causes. In general, the preventive action process can be thought of as a risk management process.
Information Security Event:
An information security event indicates that the security of an information system or network may have been breached or compromised. An information security event indicates that an information security policy may have been violated or a safeguard may have failed.
Information Security Incident:
An information security incident is made up of one or more unwanted or unexpected information security events that could very likely compromise the security of your information and weaken or impair your business operations.
Management Review:
The purpose of a management review is to evaluate the overall performance of an organization’s information security management system and to identify improvement opportunities.