Black Swan

Definition(s):

A term popular in Business Continuity Management (BCM), based upon a book of the same name in which the author defines a black swan as an event that could not be predicted by normal scientific or probability methods. BCM professionals need to prepare for “black swan” events.

Source: BCI/DRJ

Auditor

Definition(s):

Person with competence to conduct an audit.

Source: ASIS, ISO 9001 2000

Audit Trail

Definition(s):

A chronological record that reconstructs and examines the sequence of activities surrounding or leading to a specific operation, procedure, or event in a security relevant transaction from inception to final result.
A record showing who has accessed an information technology (IT) system and what operations the user has performed during a given period.

Source: CNSSI-4009

Audit

Definition(s):

Formal inspection and verification to check whether a standard or set of guidelines is being followed, records are accurate, or efficiency and effectiveness targets are being met. Scope Note: May be carried out by internal or external groups.

Source: ISACA

Acceptable Risk

Definition(s):

The level of residual risk that has been determined to be a reasonable level of potential loss/disruption for a specific IT System.

Source: NIST 800-16

A level of residual risk to the organization’s operations, assets, or individuals that falls within the defined risk appetite and risk tolerance by the organization.

Source: NIST 800-16lrl

The level of potential losses that a society or community considers acceptable given existing social, economic, political, cultural, technical and environmental conditions. UNISDR Editor’s Note: In engineering terms, acceptable risk is also used to assess and define the structural and non-structural measures that are needed in order to reduce possible harm to people, property, services and systems to a chosen tolerated level, according to codes or “accepted practice” which are based on known probabilities of hazards and other factors.

Source: UNISDR