Purpose: This document provides a list of words and definitions to clarify Information Technology (IT) terminology contained within the State of Wyoming Policies and Standards.
Applicability: This policy applies to all Executive Branch agencies, boards, and commissions staff (collectively referred to as “agencies”). This policy is also applicable to consultants, affiliates, and temporary employees.
Q: No entries at this time
R:
Recovery Point Objective (RPO): The point in time to which data must be recovered after an outage. (SOURCE: NIST SP 800-34)
Recovery Procedures: Actions necessary to restore data files of an information system and computational capability after a system failure. (SOURCE: CNSSI-4009)
Recovery Time Objective (RTO): The overall length of time an information system’s components can be in the recovery phase before negatively impacting the organization’s mission or mission/business processes. (SOURCE: NIST SP 800-34)
Red Team: A group of people authorized and organized to emulate a potential adversary’s attack or exploitation capabilities against an enterprise’s security posture. The Red Team’s objective is to improve enterprise Information Assurance by demonstrating the impacts of successful attacks and by demonstrating what works for the defenders (i.e., the Blue Team) in an operational environment. (SOURCE: CNSSI 4009-2015)
Remediation: The act of correcting a vulnerability or eliminating a threat. Three possible types of remediation are installing a patch, adjusting configuration settings, or uninstalling a software application. (SOURCE: NIST SP 800-40) The act of mitigating a vulnerability or a threat. (SOURCE: CNSSI-4009)
Remediation Plan: A plan to perform the remediation of one or more threats or vulnerabilities facing an organization’s systems. The plan typically includes options to remove threats and vulnerabilities and priorities for performing the remediation. (SOURCE: NIST SP 800-40)
Remote Access: Access to an organizational information system by a user (or an information system acting on behalf of a user) communicating through an external network (e.g., the Internet). (SOURCE: NIST SP 800-53) Access by users (or information systems) communicating external to an information system security perimeter. (SOURCE: NIST SP 800-18) The ability for an organization’s users to access its nonpublic computing resources from external locations other than the organization’s facilities. (SOURCE: NIST SP 800-46) Access to an organization's nonpublic information system by an authorized user (or an information system) communicating through an external, non-organization-controlled network (e.g., the Internet). (SOURCE: CNSSI-4009)
Removable Media: Portable electronic storage media such as magnetic, optical, and solid-state devices, which can be inserted into and removed from a computing device and used to store text, video, audio, and image information. Such devices have no independent processing capabilities. Examples include hard disks, floppy disks, zip drives, compact disks (CDs), thumb drives, pen drives, and similar USB storage devices. (SOURCE: CNSSI-4009; NIST SP 800-53)
Repositories: Logically grouped code bases and libraries stored in projects.
Resilience: The ability to quickly adapt and recover from any known or unknown changes to the environment through holistic implementation of risk management, contingency, and continuity planning. (SOURCE: NIST SP 800-34) The ability to continue to: (i) operate under adverse conditions or stress, even if in a degraded or debilitated state while maintaining essential operational capabilities; and (ii) recover to an effective operational posture in a time frame consistent with mission needs. (SOURCE: NIST SP 800-137)
Revoked: This term is used to describe the removal/deletion of access associated with a user's account.
Risk: The level of impact on organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, given the potential impact of a threat and the likelihood of that threat occurring. (SOURCE: FIPS 200; NIST SP 800-60) A measure of the extent to which an affiliate is threatened by a potential circumstance or event, and typically a function of: 1. The adverse impacts that would arise if the circumstance or event occurs; and 2. The likelihood of occurrence. Note: Information system-related security risks are those risks that arise from the loss of confidentiality, integrity, or availability of information or information systems and consider the adverse impacts on organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation. (SOURCE: NIST SP 800-37; NIST SP 800-53A; NIST SP 800-53; CNSSI-4009)
Risk Analysis: The process of identifying the risks to system security and determining the likelihood of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Part of risk management and synonymous with risk assessment. (SOURCE: NIST SP 800-27) Examination of information to identify the risk to an information system. See Risk Assessment. (SOURCE: CNSSI-4009)
Risk Assessment: The process of identifying risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation arising through the operation of an information system. Part of risk management; incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place. Synonymous with risk analysis. (SOURCE: NIST SP 800-53; NIST SP 800-53A; NIST SP 800-37) The process of identifying, prioritizing, and estimating risks. This includes determining the extent to which adverse circumstances or events could impact an enterprise. Uses the results of threat and vulnerability assessments to identify risk to organizational operations and evaluates those risks in terms of likelihood of occurrence and impacts if they occur. The product of a risk assessment is a list of estimated potential impacts and unmitigated vulnerabilities. Risk assessment is part of risk management and is conducted throughout the Risk Management Framework (RMF). (SOURCE: CNSSI-4009)
Risk Management: The process of managing risks to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation of an information system, and includes: 1. The conduct of a risk assessment; 2. The implementation of a risk mitigation strategy; and 3. Employment of techniques and procedures for the continuous monitoring of the security state of the information system. (SOURCE: NIST SP 800-53; NIST SP 800-53A; NIST SP 800-37; CNSSI-4009; NIST SP 800-82; NIST SP 800-34) The process of managing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals resulting from the operation of an information system, and includes: 1. The conduct of a risk assessment; 2. The implementation of a risk mitigation strategy; and 3. Employment of techniques and procedures for the continuous monitoring of the security state of the information system. (SOURCE: FIPS 200) The program and supporting processes to manage information security risk to organizational operations (including mission, functions, image, reputation), organizational assets, individuals, other organizations, and the Nation, and includes: (i) establishing the context for risk-related activities; (ii) assessing risk; (iii) responding to risk once determined; and (iv) monitoring risk over time. (SOURCE: NIST SP 800-39)
Risk Mitigation: Prioritizing, evaluating, and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process. (SOURCE: CNSSI-4009; NIST SP 800-30; NIST SP 800-39)