Glossary
Business Continuity Management (BCM):
BCM is intended to ensure the functionality of business-critical processes within the organization during and after any crisis situation.
Cloud/external IT services
An external service is the processing of company information outside the audit scope.
(e.g. ext. hosting, O365 cloud services, AWS, web services such as Kaspersky anti-virus dashboards on the web, SIEM services provided by ext. companies, etc.)
Important for rejecting non-relevant web services:
• Cloud service: Damage may have direct impact on the company (CIA)
• Data are externally processed in a confidential/strictly confidential manner (e.g. not by translating individual words)
Non-disclosure agreements (NDA)
Generic work product (GWP)
Any work product resulting from the execution of a process.
Information Owner/Information Officer/Data Owner
Information security management system (ISMS)
Information security risks
Information security risk management (ISRM)
Supporting Asset
Supporting assets (electronic and physical) are used for storing, processing and transporting information assets.
【Example】:Mobile data storage devices, IT systems, IT services/IT service providers, paper documents
Information Asset
Information of essential value to the organization.
【Example】:Business secrets, critical business processes, know-how, patents
IT service
Services in the field of information technology.
IT system
Any type of system used for electronic information processing.
【Example】:Computer, server, cloud, communication systems, video conference systems, smartphones, tablets
Classification of information
The value of the information for the organization is determined based on the relevant protection goals of information security (confidentiality, integrity and availability). Based on this, the information is classified according to the classification scheme. This enables the organization to implement adequate protective measures.
Network service
A network service is a service which is provided by an IT system and used by other IT systems to communicate with the system via a data network.
【Example】:DHCP, DNS, https, STARTTLS
Original Equipment Manufacturer (OEM)
Within the context of VDA ISA, this refers to an automobile manufacturer.
Personal data
The term personal data is used for all information referring to an identified or identifiable person; a natural person is considered to be identifiable if they can be directly or indirectly identified particularly by assignment to an identifier, e.g. a name, to an identification number, to location data, to an online identification or to one or more specific features describing the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.
Process Attributes (PA)
A measurable characteristic for a process capability that is applicable to each process.
Prototype
Prototypes are vehicles, components and parts which are classified as requiring protection but have not yet been presented to the public and/or published in adequate form by the OEM.
Maturity level
Criterion for the “maturity” of the overall ISMS or parts thereof. This is the degree of structuring and systematic management of the overall process or parts thereof. For the maturity levels used in this document, the requirements given in the tab “Maturity levels” apply.
Guideline
Collective term for company-internal specifications.
Protection goals
Confidentiality (C), Integrity (I), Availability (A)
Security zones
Security zones usually refer to a nested arrangement of areas encapsulated by means of barriers and access mechanisms. Their purpose is the physical protection of information assets. The more sensitive the information assets to be processed are, the more protective measures are required.
【Example】:Storage spaces, garages, workshops, test tracks, data processing centers, development areas.