
~ 林家瑋 (Ray Lin), Volunteer Coach, CISSP, AWS-SAP, MCASAE, MPP-AI, PMP, RMP, PBA, ACP, AHPP, CSM, SMAC
Data governance initiatives improve quality of data by assigning a team responsible for data’s accuracy, completeness, consistency, timeliness, validity, and uniqueness.
While data governance initiatives can be driven by a desire to improve data quality, they are more often driven by C-level leaders responding to external regulations.
https://en.wikipedia.org/wiki/Data_governance
A system is the “combination of interacting elements organized to achieve one or more stated purposes.” (ISO/IEC 15288: 2015)
“The systems considered in this International Standard are man-made, created and utilized to provide products or services in defined environments for the benefit of users and other stakeholders. These systems may be configured with one or more of the following system elements: hardware, software, data, humans, processes (e.g., processes for providing service to users), procedures (e.g., operator instructions), facilities, materials and naturally occurring entities. As viewed by the user, they are thought of as products or services.” (ISO/IEC 15288: 2015)
“Information system” means a discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information; (44 U.S.C., Sec. 3502)
An information system refers to the “organized collection of hardware, software, supplies, policies, procedures and people that stores, processes and provides access to information.” (ISO/TS 22220)
Asset means “anything that has value to the organization.”
Note 1 to entry: In the context of information security, two kinds of assets can be distinguished:
the primary assets:
— information;
— business processes and activities;
the supporting assets (on which the primary assets rely) of all types, for example:
— hardware;
— software;
— network;
— personnel;
— site;
— organization’s structure.
(ISO/IEC 27002:2022)
“cybersecurity” means prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. (NSPD-54/HSPD-23)
The process of protecting information by preventing, detecting, and responding to attacks. (NIST Cybersecurity Framework Version 1.1)
Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. (CNSSI 4009)
Note: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.
The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. (44 U.S.C., Sec. 3542)