This is a collection of interconnected components, including hardware, software, data, people, and processes, used to collect, store, process, and distribute information to support decision-making and control within an organization.
What is an Information System?
This person is responsible for the overall procurement, development, integration, modification, operation, maintenance, and disposal of a system.
What is a System Owner?
Designate a senior accountable official for risk management, a senior agency official for privacy, and a chief acquisition officer.
The study or use of systems (especially computers and telecommunications) for storing, retrieving, and sending information.
What is Information Technology?
True/False: When evaluating the business aspect of information security, the cost of security does not have to align with the mission need.
False
Implement an enterprise architecture strategy that facilitates effective security and privacy solutions.
What is an Enterprise Architect?
It is the amount AND the type of risk that an organization is WILLING to accept based on its business objectives or needs.
What is Risk Appetite?
This is defined as the initial (start-up) risk determination and risk acceptance decision, based on a complete, zero-based review of the system or of the common controls.
What is Initial Authorization?
This person is responsible for the implementation, assessment, and monitoring of common controls. This includes documenting the organization-defined common controls in security and privacy plans; ensuring that the required assessments of those controls are conducted and that the assessment reports are produced; and producing plans of action and milestones for controls having deficiencies.
What are Common Control Providers?
In a general information security context, assurance that the sender of information is provided with proof of delivery, and the recipient is provided with proof of the sender's identity, so that neither can later deny having processed the information.
What is Non-Repudiation?
The official management decision given by a senior Federal official or officials to authorize operation of an information system and to explicitly accept the risk to agency operations (including mission, functions, image, or reputation), agency assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security and privacy controls.
What is Authorization to Operate?
This is a senior official or executive with the authority to formally assume responsibility and accountability for operating a system; for providing common controls inherited by organizational systems; or for using a system, service, or application from an external provider. This person makes the final decision on authorizing a system to operate, also known as the ATO.
What is an Authorizing Official?
A weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
What is a Vulnerability?
This includes an executive summary, system security plan, privacy plan, security control assessment, privacy control assessment, and any relevant plans of action and milestones.
What is an Authorization Package?
This person assists with:
• Identifying the types of information to be processed, stored, and transmitted by the system
• Coordinating with the senior agency official for privacy to identify all parts of the information life cycle for personally identifiable information
• Coordinating with system owners and providing input on protection needs and on security and privacy requirements
What is an Information Owner or Steward?