Assurance
Definitions
Computer security
Assurance is
- "the basis for confidence that the security measures, both technical and operational, work as intended to protect the system and the information it processes."[1]
- "[g]rounds for confidence that the set of intended security controls in an information technology (IT) and industrial control system (ICS) are effective in their application."[2]
- "[the] [m]easure of confidence that the security features, practices procedures and architecture of an IT system accurately mediates and enforces the security policy."[3]
Evidence
Assurance is a measure of certainty that a statement or fact is true.
Security
Assurance is "[g]rounds for confidence that a deliverable meets its security objectives."[4]
System design
Assurance is "confidence that a system design meets its requirements, or that its implementation meets its specification, or that some specific property is satisfied."[5]
References
1. NIST Special Publication 800-33, at 3.
2. Electricity Subsector Cybersecurity Risk Management Process, at 61.
3. DoD Instruction 5200.40, at 8 (E2.1.5).
4. ISO/IEC 15408-1.
5. Trust in Cyberspace, at 300; Cryptography’s Role in Securing the Information Society, App. B, Glossary, at 353.