8.6. Terms and Concepts

security plan, 493
policy, 493
requirement, 495
constraint, 495
control, 495
requirement qualities:
    correctness, 496
    consistency, 496
    realism, 496
    need, 496
    verifiability, 496
    traceability, 496
schedule, 497
plan review, 498
plan timetable, 498
security planning team, 499
management commitment to security plan, 499
business continuity plan, 500
incident response plan, 503
risk analysis, 506
risk impact, 506
problem, 506
avoided risk, 506
transferred risk, 506
assumed risk, 506
risk leverage, 507
assets:
    hardware, 509
    software, 509
    data, 509
    documentation, 509
    supplies, 509
    infrastructure, 509
    human assets, 509
hazard and operability studies (HAZOP), 510
fault tree analysis (FTA), 510
failure modes and effects analysis (FMEA), 510
attributes contributing ...
