The amount of time allowed for the recovery of a business function or resource after a disaster occurs

1. An instance of IT risk 2. A combination of control - value and threat conditions that impose a noteworthy level of IT risk

1. Information that proves or disproves a stated issue 2. Information that an auditor gathers in the course of performing an IS audit; relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it i

British Standards Institution

The acceptable level of variation that management is willing to allow for any particular risk as the enterprise pursues its objectives

A plan used by an enterprise to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems

A group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control - and should also act as a singl

A description of the overall (identified) IT risk to which the enterprise is exposed