Sarbanes-Oxley Act
The Sarbanes-Oxley Act of 2002 was signed into law by US President George W. Bush and became effective on July 30, 2002. The Act contains major changes for publicly traded securities, auditors, corporate board members, and lawyers. It focuses on identifying and then punishing people who commit corporate fraud and corruption.
SASs 55/78
A set of processes, subsystems, and people that lead to effective and efficient operations, reliable financial reporting, and compliance with laws and regulations.
Section 208: Privacy Compliance (EGOV) for Federal Agencies
In 2003, the OMB issued Guidance for implementing Section 208, the Privacy Provisions of the E-Government Act of 2002. This update deals with the posting of privacy policies, use of tracking technologies, and parental consent requirements. Agencies were to submit a report of their compliance plans annually.
Section 508: Accessibility Compliance for Federal Agencies
Section 508 of the Rehabilitation Act Amendments of 1998 requires all US federal agencies to make their information technology accessible to their employees and customers with disabilities.
Secure Data Handling
Formal, structured, and consistent procedures by which employees manage data during the performance of their daily tasks.
Secure Programming Standards
Tools and techniques for objectively and consistently applying security during the process of software development.
Secure Standard Builds
The documented, repeatable process for building, deploying, updating, and decommissioning computer systems.
Secure Storage
Tools that enforce the concept of “Least Privilege” for material that is housed in centralized, shared storage.
Security Architect
The role of the security architect is to act as a conduit between related, yet different disciplines, while maintaining a focus on security. One or more individuals who possess the ability to accumulate and comprehend information, process it, formulate solutions that conform to the security policies of the organization, and communicate them to the target audience in an understandable manner.
Security Policies
Policies, procedures, and guidelines that represent the ideal security state of the organization. This is the basis for all security work within the project portfolio and the roles and responsibilities
Security Policy Compliance
An ability to measure conformance with documented security policies.
Security Program
The encapsulation of an organization's security strategy.
Security Project Portfolio
A prioritized listing of projects, based on risk, that a security office will undertake.
Separation of Duties
The concept that no single individual has control over two or more phases of a transaction or operation, so that deliberate fraud or damage is more difficult to carry out.
Software Quality Assurance Process
The structured process used to objectively measure the quality and security of software prior to deployment.
Spoofing
The act of assuming the identity of an entity, preferably one that has access to a wanted resource or can perform a requested action.
Spyware
When a third party pries into a system and gathers knowledge without the system ever discovering it, all the while reporting back to that party and giving up your unique data.
Surveillance
Mechanisms to automate the process of monitoring and recording events that occur throughout the facilities of the organization.
System Log
A record of transactions that have been executed on a given system.
Systems Administration
Procedures for adding, changing, and deleting access to systems within the environment.
Systems Auditability and Control (SAC)
A set of processes, subsystems, and people that lead to effective and efficient operations, reliable financial reporting, and compliance with laws and regulations.
Systems Dev Life Cycle (SDLC)
The existence of a documented SDLC that includes appropriate security controls such as checkpoints, secure code review, and developer training.