Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information. The information or data may take any form, e.g. electronic or physical. Information security's primary focus is the balanced protection of the confidentiality, integrity and availability of data while maintaining a focus on efficient policy implementation, all without hampering organization productivity. This is largely achieved through a multi-step risk management process that identifies assets, threat sources, vulnerabilities, potential impacts, and possible controls, followed by assessment of the effectiveness of the risk management plan.
The ISO 9000 family of quality management systems (QMS) standards is designed to help organisations ensure that they meet the needs of customers and other stakeholders while meeting statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of quality management systems, including the seven quality management principles upon which the family of standards is based.
ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill.
Software maintenance in software engineering is the modification of a software product after delivery to correct faults, to improve performance or other attributes.
A software requirements specification (SRS) is a description of a software system to be developed. It is modeled after business requirements specification (CONOPS), also known as a stakeholder requirements specification (StRS). The software requirements specification lays out functional and non-functional requirements, and it may include a set of use cases that describe user interactions that the software must provide.
In the context of software engineering, software quality refers to two related but distinct notions:
ISO/IEC 9126 Software engineering — Product quality was an international standard for the evaluation of software quality. It has been replaced by ISO/IEC 25010:2011.
Reliability engineering is a sub-discipline of systems engineering that emphasizes dependability in the lifecycle management of a product. Dependability, or reliability, describes the ability of a system or component to function under stated conditions for a specified period of time. Reliability is closely related to availability, which is typically described as the ability of a component or system to function at a specified moment or interval of time.
Given organizations' increasing dependency on information technology to run their operations, Business continuity planning covers the entire organization, and Disaster recovery focuses on IT.
Commercial off-the-shelf or commercially available off-the-shelf (COTS) products are packaged solutions which are then adapted to satisfy the needs of the purchasing organization, rather than the commissioning of custom-made, or bespoke, solutions. A related term, Mil-COTS, refers to COTS products for use by the U.S. military.
Note: Parts of this article are written from the perspective of aircraft safety analysis techniques and definitions; these may not represent current best practice and the article needs to be updated to represent a more generic description of hazard analysis and discussion of more modern standards and techniques.
Cybersecurity standards are techniques generally set forth in published materials that attempt to protect the cyber environment of a user or organization. This environment includes users themselves, networks, devices, all software, processes,
information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks. The principal objective is to reduce the risks, including prevention or mitigation of cyber-attacks. These published materials consist of collections of tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance and technologies.
Business process interoperability (BPI) is a property referring to the ability of diverse business processes to work together, to so called "inter-operate". It is a state that exists when a business process can meet a specific objective automatically utilizing essential human labor only. Typically, BPI is present when a process conforms to standards that enable it to achieve its objective regardless of ownership, location, make, version or design of the computer systems used.
Reliability-centered maintenance (RCM) is a process to ensure that systems continue to do what their user require in their present operating context. It is generally used to achieve improvements in fields such as the establishment of safe minimum levels of maintenance. Successful implementation of RCM will lead to increase in cost effectiveness, reliability, machine uptime, and a greater understanding of the level of risk that the organization is managing. It is defined by the technical standard SAE JA1011, Evaluation Criteria for RCM Processes.(Article 5277)
Software quality management (SQM) is a management process that aims to develop and manage the quality of software in such a way so as the best ensure the product meets the quality standards expected by the customer while also meeting any necessary regulatory and developer requirements, if any. Software quality managers require software to be tested before it is released to the market, and they do this using a cyclical process-based quality assessment in order to reveal and fix bugs before release. Their job is not only to ensure their software is in good shape for the consumer but also to encourage a culture of quality throughout the enterprise.
International standards in the ISO/IEC 19770 family of standards for IT asset management (ITAM) address both the processes and technology for managing software assets and related IT assets. Broadly speaking, the standard family belongs to the set of Software Asset Management standards and is integrated with other Management System Standards.
The Consortium for IT Software Quality (CISQ) is an IT leadership group that develops international standards for automating the measurement of software from source code to reduce cost and risk. This includes automated measures of software size, software quality, and technical debt. The consortium was launched to address the challenge of standardizing the measurement of software quality and to promote a market-based ecosystem to support its deployment. The standards developed by CISQ enable IT and business leaders to measure the risk IT applications pose to the business and estimate the cost of ownership. Members are IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors.
SQALE is a method to support the evaluation of a software application source code. It is a generic method, independent of the language and source code analysis tools, licensed under the Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported license. Software editors can freely use and implement the SQALE method.
Software reliability testing is a field of software testing that relates to testing a software's ability to function, given environmental conditions, for a particular amount of time. Software reliability testing helps discover many problems in the software design and functionality.
ISO/IEC 27040 is part of a growing family of International Standards published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in the area of security techniques; the standard is being developed by Subcommitee 27 (SC27) - IT Security techniques of the first Joint Technical Committee 1 of the ISO/IEC. A major element of SC27's program of work includes International Standards for information security management systems (ISMS), often referred to as the 'ISO/IEC 27000-series'.
ITIL, formerly an acronym for Information Technology Infrastructure Library, is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business.
