adequate security [English]


Syndetic Relationships

InterPARES Definition

n. ~ Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information (OMB A-130, 2000).

Other Definitions

  • OMB A-130 2000 (†731 Appendix III): Security commensurate with the risk and magnitude of the harm resulting from the loss, misuse, or unauthorized access to or modification of information. This includes assuring that systems and applications used by the agency operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls.
  • RFC 4949 (†591 ): "Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information." (See: acceptable risk, residual risk.) [US DoD]

Citations

  • CNSS-4009 (†730 p.2): Security commensurate with the risk and magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information. Note: This includes assuring that information systems operate effectively and provide appropriate confidentiality, integrity, and availability, through the use of cost-effective management, personnel, operational, and technical controls. (†1722)
  • NIST 2013 (†734 p. B-1): Security commensurate with the risk resulting from the loss, misuse, or unauthorized access to or modification of information. [OMB Circular A-130, Appendix III, Adapted] (†1844)
  • NIST 2013 (†734 p. E-2): Achieving adequate security for organizational information systems requires the correct combination of both functionality- and assurance-related security controls. (†1847)
  • NIST SP800-128 2011 (†732 p. 6): It is incumbent upon the organization to implement its directives in a manner that provides adequate security for protecting information and information systems. As threats continue to evolve in an environment where organizations have finite resources with which to protect themselves, security has become a risk-based activity where the operational and economic costs of ensuring that a particular threat does not exploit a vulnerability are balanced against the needs of the organization’s mission and business processes. (†1679)
  • OMB A-130 2000 (†731 ): [Agencies must] apply OMB policies and, for non-national security applications, NIST guidance to achieve adequate security commensurate with the level of risk and magnitude of harm. (†1677)