A user that is authorized (and, therefore, trusted) to perform security relevant functions that ordinary users are not authorized to perform.

The prevention of unauthorized use of a resource, including the prevention of use of a resource in an unauthorized manner. Access Authority -

A category within a given security classification limiting entry or system connectivity to only authorized persons.  Audit -

The process of verifying the identity or other attributes claimed by or assumed of an entity (user, process, or device), or to verify the source and integrity of data.

The minimum security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity, and/or availability protection. Biometric

The set of data that documents the information system’s adherence to the security controls applied. Business Continuity Plan (BCP)

An analysis of an information system’s requirements, functions, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.

  The property that information is not made available or disclosed to unauthorized individuals, entities, or processes. Chain of Custody

A process and record that shows who obtained the evidence; where and when the evidence was obtained; who secured the evidence; and who had control or possession of the evidence.  The “sequencing” of t [..]

Management policy and procedures used to guide an enterprise response to a perceived loss of mission capability.  The Contingency Plan is the first plan used by the enterprise risk managers to determi [..]