Common Terminology
The following terms describe the different controls used to mitigate risks:

  • Policy. Policies mandate safe and reliable working practices to ensure processes will operate to minimize risk to the business. They serve as a contract between employer and employees and are mandatory.

  • Process. A process is "what we do" and clearly outlines the service and the targeted deliverable. A process can be described at several levels.

  • Procedural Standard. Describes in detail how the work should be performed. Such procedural standards can be developed by an IT organization for its own use, or may be prescribed by the corporate level.

  • Technical Standard. States what tools or rules are required to be used in executing a process or procedure. The standard may be internally or externally defined. Technical solutions are considered technical standards in the hierarchy of controls.

  • Guideline. Describes good practices for performing the process. Unlike a standard operating procedure (SOP) or a technical standard, guidelines are not mandatory.

The Risk Management Process:

  • Risk Assessment. Identifying the risks introduced by a change in the business, determining the impact of those risks, and deciding whether steps need to be taken to manage them.

  • Risk Mitigation. Designing and implementing the controls needed to reduce the potential impact of the risk to an acceptable level.

Information Technology Security. Advice from Experts
ISBN: 1591402484
EAN: N/A
Year: 2004
Pages: 113