Approver

An individual who reviews the change to ensure the integrity and reliability of the document and grants approval for the document to be posted.

Document Owner

Manager designated as having ownership of all documents associated with the production system and, thereby, having the authority to change it.

Dual control

Two people are required for an important activity to be accomplished.

Employee

Person, including contractors and temporary staff, who have been granted access to ARL resources.

Owner

Manager of a department or business unit responsible for production processes, systems, applications, platforms or users. In accordance with Information Security policies, and standards, owners determine the level of sensitivity and confidentiality of their information. As such, they determine changes, access and dissemination of their information.

Activity

An element of work performed during the course of a project. An activity normally has an expected duration

CISA

Certified Information Systems Auditor

CobiT

The COBIT (Control Objectives for Information and Related Technology) framework was released in 1996 and updated in 1998 and 2000 by the Information Systems Audit and Control Foundation (ISACF) in response to the need for a reference framework for security and control in information technology. In 2000, the IT Governance Institute and ISACF developed the Management Guidelines for COBIT. These guidelines respond to a need by Management for control and measurability of IT, for the purpose of ensuring that IT activities achieve business objectives.

Control

The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected

Document or Source Document

A sample document that adheres to the criteria necessary for completion of a process and includes the essential contents defined in the template.

Function

A group of related actions contributing to a larger action. Security Policy, Access Control, and Perimeter Security represent security functions.

IT Control Objective

A statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity

ITIL

Information Technology Infrastructure Library

Process

A series of tasks that transform inputs into desired outputs. The term procedure is sometimes used interchangeably with process in this methodology.  Administer Accounts, Perform Risk Assessment, Audit Perimeter Security, Install Hardware are example

Process Management Architecture

A high level description of the system that provides a fully integrated Knowledge Base [of process information].  The Knowledge Base in turn provides control of process change and access to all processes and procedures.

Task

A task is a specific action performed as part of a process.  Disable accounts, Interview Network Manager, and run Crack on the Unix machine are examples of security tasks.

Template

A skeleton document, spreadsheet, or graphic presentation that represents the essential requirements for deliverable content.