Export Management and Compliance Program

An Export Management and Compliance Program (EMCP) is required by the U.S. Government to ensure that companies comply with export control policy for dual-use commodities, software, and technology. [1] The policies and regulations are intended to enhance national security and to limit the proliferation of weapons of mass destruction. If the regulations are not followed, heavy fines can be levied against the company. Individuals involved at all levels can also be penalized with fines and imprisonment.

The U.S. Department of Commerce Bureau of Industry and Security (BIS) publishes a compliance guideline [2] to help companies set up an Export Management & Compliance Program (EMCP) tailored to their own needs. The manual outlines 9 key elements:

  1. Management Commitment
  2. Risk Assessment
  3. A Written EMCP
  4. Compliance Training
  5. Cradle to Grave Export Compliance Security & Screening
  6. Recordkeeping
  7. Audits/Assessments
  8. Reporting & Escalation
  9. Corrective Action

The BIS also publishes a self-audit tool to help companies evaluate their EMCP against what an outside audit would expect.

References

  1. "Policies and Regulations". Bureau of Industry and Security, US Department of Commerce. Retrieved 15 September 2012.
  2. "Compliance Guidelines: How to Develop an Effective Export Management and Compliance Program and Manual" (PDF). US Department of Commerce. Retrieved 15 September 2012.