The document discusses methods for ensuring maximum security within information systems through standard procedures and documentation that promote uniformity and reduce errors. It emphasizes the importance of maintaining up-to-date procedures for activities like accessing confidential information and disaster recovery, aligning with ISO 9001's documentation standards. Additionally, it highlights the role of access policies and end-user computing in integrating non-programmers into system development.

4. These methods provide maximum security
to operation of the information system.
Standard procedures are developed and
maintained manually and built in software
help display so that every one knows what to
do.

5. It promotes uniformity and
minimize the chance of error
and fraud.
It should be kept up-to-date so
that correct processing of each
activity is made possible.

6. Standard
procedures and
documentation
Authorization
requirements
Disaster recovery
Controls for
end-user
computing

7. refer to mandatory
activities, actions, rules, or
regulations.
 can give a policy its support and
reinforcement in direction.
could be internal, or externally
mandated (government laws
and regulations).

8. detailed step-by-step tasks that should
be performed to achieve a certain goal.
Example: procedures on how to
install operating systems

9. spell out how the policy,
standards, and guidelines will
actually be implemented in an
operating environment.
If a policy states that all
individuals who access
confidential information must be
properly authenticated.

10. ISO 9001 Documented Information
the terms “documents” and “records”
were formally used to refer to the
important information and data that
exists within a company.

11. DOCUMENT - information
that is discussed in ISO 9001
is also defined as the vital
information that must be
kept and evaluated
periodically.

12. RECORDS are usually retained for
long periods of time, while
DOCUMENTS hold data that is
maintained and frequently updated
or added to.

13. an access policy.
function of specifying access
rights/privileges to resources, which
is related to information
security and computer security in
general and to access control in
particular

14. security mechanism used to
determine user/client privileges
or access levels related to system
resources,including computer programs,
files, services, data and application
features.

15. normally preceded by
authentication for user
identity verification. System
administrators (SA) are typically
assigned permission levels
covering all system and user
resources.

16. involves a set of policies, tools and
procedures to enable the recovery or
continuation of vital technology
infrastructure and systems following a
natural or human-induced disaster.

17. CLASSIFICATION
PREVENTIVE MEASURES
CORRECTIVE MEASURES
DETECTIVE MEASURES
aim at
preventing an event from occurring.
for correcting
a system in case of a negative event
or disaster
focus on detecting
and discovering negative events.

18. EUC refers to computer
systems and platforms that
are meant to allow non-
programmers to create
working
computer applications.

19. EUC compilation of approaches meant
to better involve and
integrate end users and other non-
programmers into the world
of computing systems development.