Information Security Standards


Business Continuity Plan (BCP)


Date: 02.01.2022

Business Continuity Plan (BCP):  A plan that documents arrangements and procedures to enable an organization to respond to an event that lasts for an unacceptable period of time and return to performing its critical business functions after an interruption.

C –



Confidential Information: Information maintained by the SCO that is exempt from disclosure under the provisions of the California Public Records Act (Government Code Sections 6250-6265) or other applicable state or federal laws. See SAM Section 5320.5.

Critical Application: An application so important to the SCO that its loss or unavailability is unacceptable. With a critical application, even short-term unavailability of the information provided by the application would have a significant negative impact on the health and safety of the public or state workers; on the fiscal or legal integrity of SCO and/or state operations; or on the continuation of essential SCO programs.

Custodian of Information: An employee or organizational unit (such as the SCO's Information Systems Division and Department of Technology Services) acting as a caretaker of an automated file or database.

D –



Disaster Recovery Plan (DRP): The management-approved document that defines the resources, actions, tasks, and data required to manage the technology recovery effort.

H –



Hardening: A defense strategy to protect against attacks by removing vulnerable and unnecessary services, patching security holes, and securing access controls.

I –



Information Assets: (1) All categories of hard copy and automated information, including (but not limited to) documents, images, records, files, and data bases; and (2) information technology facilities, equipment (including personal computer systems), and software owned or leased by the SCO.

N –



Non-State Entity: A business, organization, or individual that is not a State entity, but requires access to SCO information assets in conducting business with the SCO.  (This definition includes, but is not limited to, contractors, researchers, vendors, consultants, and their employees and entities associated with federal and local government and other states.)

O –



Owner of Information: The SCO Division that prepares, collects, or utilizes an information asset to conduct the business of the SCO.

R –



Risk Assessment: The process of identifying the vulnerabilities and threats to an organization by assessing the critical functions necessary for an organization to continue business operations, and defining the controls in place to reduce organization exposure and evaluating the cost for such controls.

S –



Sensitive Information: Information maintained by the SCO that requires special precautions to protect it from unauthorized modification or deletion. See SAM Section 5320.5.
