Contribute to the Glossary!

The understanding and execution of the corporate data classification strategy by employees.

The existence of a procedure for destroying data within the organization.

The facilities that provides the organization the ability for transaction tracking and notification of data changes 

An Act within the United Kingdom  for the regulation of the processing of information relating to individuals, including the obtaining, holding, use or disclosure of such information

Tools and techniques for managing access to the data repositories for the organization.

The facilities that provide detective control sets for identifying modifications to access for data repositories of the organization

This US federal directive establishes the security policy and procedures for storing, processing, and communicating classified intelligence information in information systems.

Occurs when an entity can prevent legitimate entities from using the normal functionality of a system

Control type that reports when an entity attempts to access a resource or perform an action that they are not authorized to do

This attack is a preverbal coin toss between the attacker, who is entering passwords at random, and your security system.

A regulation of the United Kingdom that mandates that service providers can not discriminate against people because of their disabilities.

Documented procedures to recover from a disaster that are appropriate and practiced within the organization

A means of restricting access to Resources based on the identity of persons and/or groups to which they belong. The controls are discretionary in the sense that a person with certain access permission is capable of passing that permission (perhaps indirectly) on to any other person (unless restrained by Mandatory Access Control). An example of DAC would be the access awarded to the payroll department to view payroll information

A service used by computer systems to convert human readable names of hosts to IP addresses