The IT Law Wiki
Don't have an account?
Register
Advertisement
Register
in: Security, Definition

Adequate security

Revision as of 05:43, 3 December 2016 by Mdscott (talk | contribs) (→‎Definitions)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Edit

Definitions[]

Adequate security is

security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications used by the agency operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls.[1]
protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information.[2]
[a] set of minimum security requirements that the system is expected to meet.[3]

References[]

  1. OMB Circular No. A-130, App. III, (A)(2)(a); NIST Special Publication 800-53; FIPS 200.
  2. DFARS Clause 252.204-7012(a).
  3. Principles for Cybersecurity and Critical Infrastructure Protection, at 113.
Community content is available under CC-BY-SA unless otherwise noted.
Advertisement