Term
Standard operating procedure |
|
Definition
-Account creation, Back up data storage, encryption key request -set of processes for handling their IT operations -important day-to-day things to be done that make sure that all of your systems and your applications remain secure |
|
|
Term
Business Partners Agreement (BPA) |
|
Definition
-between a manufacturer and a reseller -Written contract between organizations that have longer-term and broader relationships |
|
|
Term
Service Level Agreement (SLA) |
|
Definition
-an agreement between two parties that dictates the minimum level of service required -amount of uptime -response time -anything else that needs to be a minimum level of service |
|
|
Term
Interconnection Security Agreement (ISA) |
|
Definition
-defines security controls, especially when different departments of the US Federal Government are connecting to each other. |
|
|
Term
Memorandum of Understanding (MOU) |
|
Definition
-Less formal agreement -Details something that two parties agree to but is not a signed contract |
|
|
Term
|
Definition
- Mandatory vacations - Job rotation - Separation of duties - Clean desk - Background checks - Exit interviews |
|
|
Term
|
Definition
-business requirement to take time away from work -allows the organization to rotate other people through a job -opportunity to find out whether there is any type of fraud or anything illegal while a person is gone |
|
|
Term
|
Definition
-people continually move between different responsibilities -No single person would be in control of a particular set of job responsibilities for any extended period of time -policy where no single person has all of the details needed to perform a particular function |
|
|
Term
|
Definition
-when you leave your desk, nothing is on top of your desk -no paperwork -computer is not turned on -no one can see exposed data |
|
|
Term
|
Definition
-adverse action is something that denies someone employment -Whenever an adverse action has been identified, it’s something that often needs to be documented and provided to the applicant -something organizations can commonly do with existing employees, as well |
|
|
Term
|
Definition
-An opportunity to ask a few questions before they leave |
|
|
Term
Role-based awareness training |
|
Definition
- Data owner - System administrator - System owner - User - Privileged user - Executive user - NDA - Onboarding - Continuing education - Acceptable use policy/rules of behavior - Adverse actions |
|
|
Term
General security policies |
|
Definition
- Social media networks/applications - Personal email |
|
|
Term
Memorandum of Agreement (MOA) |
|
Definition
-both sides will agree to specific information -may not be a legal document with legal language, but it’s something where both sides can agree to certain terms |
|
|
Term
|
Definition
both people must be present to be able to perform that particular function |
|
|
Term
Non-Disclosure Agreement (NDA) |
|
Definition
a legal contract that identifies what information is confidential, and it limits the use and dissemination of that information. |
|
|
Term
Acceptable Use Policy (AUP) |
|
Definition
-identifies exactly what is appropriate and what is not appropriate activity on an organization’s network |
|
|