Assessment. A process to investigate what policies or procedures are more or less reliable, especially when it comes to (1) employee selection and (2) computer use.
Business continuity. Plans and ongoing planning to prepare an organisation to overcome disaster (see below) and resume its normal operations within a reasonably short period. Factors include...
- Are your critical operations designed to be unaffected by disaster?
- Arrangements to recover or restore critical (and then less critical) operations that fail
- Is your organization able and ready to cope effectively with whatever disaster occurs?
Disaster. In this glossary, disaster means a catastrophic, unplanned event; disaster (1) occurs over a relatively short time, and (2) seriously disrupts or destroys communal or social services. See also Inappropriately Managed Risk.
Embezzlement. A form of white-collar crime and a type of fraud. Someone trusted with an organization’s money is expected to protect this asset. It is illegal to intentionally use the money for personal use.
Employee theft. This is precisely what it says: when an employee steals goods from his (her) employer. Employee theft occurs when an employee steals merchandise or pockets money. See also Shrinkage (below).
Forensic Auditing. A type of audit to detect fraud.
Fraud. A deliberate deception to deprive someone, fraud may be either a criminal or civil wrong.
Inappropriately managed risk. Known hazards that severely damage business operations in an organisation that did not plan for the risk.
Industrial Espionage. In this glossary, industrial espionage means acts to secretly acquire proprietary information, usually (but not necessarily) from a competitor. Many acts associated with industrial espionage are not necessarily illegal. These acts include tapping phones and computer systems, hidden cameras, surveillance, document theft, mail theft, and bribery.
Information Security. Maintaining the confidentiality of the information held, processed or transferred by the organization. Information security is ensured through technological as well as organizational means, such as company procedures (shredding documents, leaving documents in locked and secured rooms).
This activity is meant to protect the organization from industrial espionage and information theft by the competition or other parties.
Intellectual Property. A general term for rights to man-made intangible assets such as works of art, reputation, inventions, etc. Securing intellectual property protects the organization from product forgery and from copyright, patent and trademark theft.
Loss Prevention. A general term this glossary uses to define what the organisation does to identify weak and flawed processes that reduce or eliminate income.
Mission Critical. Essential operations that cannot fail without causing chaos (at best) or catastrophe (at worst).
Physical Security. The acts an organisation takes to protect itself from sabotage, robbery, break-ins and theft. See also Technological security.
Remote Security Operations. A type of physical or technological security that monitors what takes place in a physical plant, such as a community centre, office, or school. Commonly used to monitor security, life safety, and other types of alarm system.
Risk Management. Plans and ongoing planning to decide what risks need assessment, mitigation, or both. See also Inappropriately managed risk.
Risk Survey. A way to identify risks that may cause financial loss or damage.
Security Consulting. A process to assess, design, and install solutions that either eliminate or mitigate security and safety risks.
Security of Data. An ARM-LP mission critical strategy to protect data. See also: Mission critical
Security of Information. An ARM-LP mission critical strategy to protect information. An information security failure damages operations so badly that business continuity may be compromised. See also: Business Continuity, Mission critical
Security of People. An ARM-LP mission critical strategy to protect people.
Security of Systems. An ARM-LP mission critical strategy to protect text and rich content stored for use on a website or intranet.
Security of Venue. An ARM-LP mission critical strategy to protect people and the places they gather.
Shoplifting. Shoplifting occurs when someone comes into a shop while it is open and steals goods. See also shrinkage (below).
Shrinkage. Shrinkage occurs when a retailer has less stock than the inventory lists. Clerical error, damage, loss, and theft are all forms of shrinkage. Almost 80% of shrink is from theft. Insiders steal about 55% of goods. Some other forms of shrinkage are...
- Administrative (paperwork) errors, e.g., shipping errors, misplaced goods
- Cashier or price-check errors in the customer's favour
- Perishable goods not sold on or before “best by”
- Vendor fraud
Technological Security. A type of physical security using technology, such as cameras, electronic detectors, remote monitoring, and other types of electronic device.