C-D
Published under Risk Management
| Terminology | Explanation | Source |
|---|---|---|
| CALL TREE | A structured cascade method (system) that enables a list of persons, roles and/or organisations to be contacted as a part of a plan invocation procedure or in order to disseminate information. Graphically depicts the calling responsibilities and the calling order used to contact management, employees, customers, vendors, and other key contacts in the event of an emergency, disaster, or severe outage situation. | The BCI, modified by ENISA |
| CALL TREE CASCADE TEST | A test designed to validate the currency of contact lists and the processes by which they are maintained | The BCI |
| CAPABILITY | Originally a military term which includes the aspects of personnel, equipment, training, planning and operational doctrine, now used to mean a demonstrable capacity or ability to respond to and recover from a particular threat or hazard | The British Army |
| CASCADE SYSTEM | A system whereby one person or organisation calls out/contacts others who in turn initiate further call-outs/contacts as necessary. Similar Terms: Contact List, Call Tree | The BCI |
| CASUALTY BUREAU | The purpose of the Casualty Bureau is to provide the initial point of contact for the receiving and assessing of information relating to persons believed to be involved in the emergency. The primary objectives of a Casualty Bureau are to: inform the investigation process relating to the incident; trace and identify people involved in the incident; and reconcile missing persons and collate accurate information in relation to the above for dissemination to appropriate parties. | NASP – National Association of Security Professionals |
| CATEGORY 1 RESPONDER | A person or body listed in Part 1 of Schedule 1 to the UK Civil Contingencies Act. These bodies are likely to be at the core of the response to most emergencies. As such, they are subject to the full range of civil protection duties in the Act. Examples of Category 1 responders include the emergency services and local authorities. | UK Civil Contingencies Act, modifed by ENISA |
| CATEGORY 2 RESPONDER | A person or body listed in Part 3 of Schedule 1 to the UK Civil Contingencies Act. These are co-operating responders who are less likely to be involved in the heart of multi-agency planning work, but will be heavily involved in preparing for incidents affecting their sectors. The Act requires them to co-operate and share information with other Category 1 and 2 responders. Examples of Category 2 responders include utilities and transport companies. | UK Civil Contingencies Act, modified by ENISA |
| CBRN | Chemical, Biological, Radiological and Nuclear. Chemical, biological and radiological incidents involve both the release of the corresponding material and threats, hoaxes and false alarms. A nuclear incident would involve the detonation of a nuclear weapon or an improvised nuclear device. | NASP – National Association of Security Professionals and The British Army, modified by ENISA |
| CENTRAL COMPUTER AND TELECOMMUNICATIONS AGENCY | The CCTA was the UK Government Centre for Information Systems responsible for producing and maintaining ITIL. Now subsumed within the OGC | UK Government Site |
| CERTIFICATION | The formal evaluation of an organisation's processes by an independent and accredited body against a defined standard and the issuing of a certificate indicating conformance | ENISA |
| CHANGE | Any deliberate action that alters the form, fit or function of key business activities - typically, an addition, modification, movement or deletion that impacts on the IS infrastructure | ENISA |
| CHANGE CONTROL | The procedures to ensure that all changes are controlled, including the submission, recording, analysis, decision making, approval, implementation and post-implementation review of the change | ENISA |
| CHECKLIST | A tool to remind and /or validate that tasks have been completed and resources are available, to report on the status of recovery | ENISA |
| CHECKLIST EXERCISE | A method used to exercise a completed disaster recovery plan. This type of exercise is used to determine whether the information such as phone numbers, manuals, equipment, etc. in the plan is accurate and current. | ENISA |
| CIVIL CONTINGENCIES ACT (CCA) | The Civil Contingencies Act 2004 establishes a single framework for civil protection in the United Kingdom. Part 1 of the Act establishes a clear set of roles and responsibilities for local responders. Part 2 modernises the emergency powers framework in the United Kingdom. | UK Financial Sector Continuity, modified by ENISA |
| CIVIL EMERGENCY | Event or situation which threatens serious damage to human welfare in a place in the UK, the environment or security of the UK as defined in the Civil Contingencies Act 2004 | NASP – National Association of Security Professionals and The British Army, modified by ENISA |
| CIVIL PROTECTION | Preparedness to deal with a wide range of emergencies from localised flooding to terrorist attack | NASP – National Association of Security Professionals and The British Army, modified by ENISA |
| CLERICAL BACKUP | In case of contingency, delivering some part of the required services without the IS infrastructure. Nowadays, as well as some manual processes, this is likely to be via standalone PCs and commercial office systems software. | ENISA |
| COLD SITE | One or more data centres or office space facilities equipped with sufficient pre-qualified environmental conditioning, electrical connectivity, communications access, configurable space and access to accommodate the installation and operation of equipment by critical staff required to resume business operations | The BCI, modified by ENISA |
| COLD STANDBY/START/SITE (portable or fixed) | An empty computer room, either in portable accommodation or on a fixed site, with power, environmental control and telecommunications, but no IS equipment or software for use in an emergency. See Gradual Recovery | Disaster Recovery Journal, modified by ENISA |
| COMAH | UK Control of Major Accident Hazards regulations. They apply mainly to the chemical industry, but also to some storage, explosives and nuclear sites, and other facilities which use or keep dangerous substances. | NASP – National Association of Security Professionals |
| COMMAND AND CONTROL | Principles adopted by an agency acting with full authority to direct its own resources (both personnel and equipment). During an incident operations will be directed at strategic, tactical or operational levels to achieve the recovery objectives of the organisation and to bring the incident to a successful conclusion. | The BCI, modified by ENISA |
| COMMAND CENTRE (CC) | The facility used by a Crisis/Incident Management Team after the first phase of a Business Continuity incident (often referred to as the incident response or emergency response phase). An organisation must have a primary and secondary location for a command centre in the event of one being unavailable. It may also serve as a reporting point for deliveries, services, press and all external contacts. See also Emergency Operations Centre | The BCI, modified by ENISA |
| COMMAND, CONTROL, AND COORDINATION | A Crisis Management process. Command means the authority for an organisation or part of an organisation to direct the actions of its own resources (both personnel and equipment). Control means the authority to direct strategic, tactical and operational operations in order to complete an assigned function. This includes the ability to direct the activities of others engaged in the completion of that function, i.e. the crisis as a whole or a function within the crisis management process. The control of an assigned function also carries with it the responsibility for the health and safety of those involved. Coordination means the integration of the expertise of all the agencies/roles involved with the objective of effectively and efficiently bringing the crisis to a successful conclusion. | The BCI |
| COMMUNICATIONS RECOVERY | The component of Disaster Recovery which deals with the restoration or rerouting of an organisations telecommunication network, or its components, in the event of loss | The Disaster Recovery Journal |
| COMPUTER RECOVERY TEAM | A group of individuals responsible for assessing damage to the original system, processing data in the interim, and setting up the new system. | ENISA |
| CONSEQUENCE | The end result following a Business Continuity incident that can be defined as loss, injury, disadvantage or gain | The BCI |
| CONSORTIUM AGREEMENT | An agreement made by a group of organisations to share processing facilities and/or office facilities if one member of the group suffers a disaster | The Disaster Recovery Journal |
| CONTACT LIST | A list of team members and/or key personnel to be contacted including their backups | ENISA |
| CONTINGENCY FUND | An operating expense that exists as a result of an interruption or disaster which seriously affects the financial position of the organisation | ENISA |
| CONTINGENCY PLAN | Actions to be followed in the event of a disaster or emergency occurring which threatens to disrupt or destroy the continuity of normal business activities and which seeks to restore operational capabilities. Now largely incorporated within Business Continuity Plan. | ENISA |
| CONTINGENCY PLANNING | Process of developing advanced arrangements and procedures that enable an organisation to respond to an undesired event that negatively impacts the organisation | ENISA |
| CONTINUITY OF GOVERNMENT (COG) | The basis of PDD-NSC-67 (Presidential Decision Directives) - Enduring Constitutional Government and Continuity of Government Operations | PDD-NSC-67 |
| CONTINUITY OF OPERATIONS PLAN (COOP) | A COOP provides guidance on the system restoration for emergencies, disasters, mobilization, and for maintaining a state of readiness to provide the necessary level of information processing support commensurate with the mission requirements/priorities identified by the respective functional proponent. The US Federal Government and its supporting agencies traditionally use this term to describe activities otherwise known as Disaster Recovery, Business Continuity, Business Resumption, or Contingency Planning. | PDD-NSC-67 |
| CONTINUOUS AVAILABILITY | A characteristic of an Business Continuity that masks from the users the effects of losses of service, planned or unplanned. See Continuous Operation | The Disaster Recovery Journal, modified by ENISA |
| CONTINUOUS OPERATIONS | The ability of an organisation to perform its processes without interruption | The Disaster Recovery Journal, Modified by ENISA |
| CONTROL | Any action which reduces the probability of a risk occurring or reduces its impact if it does occur | The BCI |
| CONTROL CULTURE | Sets the tone for an organisation, influencing the control consciousness of its people. Control culture factors include the integrity, ethical values and competence of the entity's people: management's philosophy and operating style; the way management assigns authority and responsibility, and organises and develops its people; and the attention and direction provided by a Board. | The BCI |
| CONTROL ENVIRONMENT | The entire system of controls, financial and otherwise, established by a Board and management in order to carry on an organisation's business in an effective and efficient manner, in line with the organisation's established objectives and goals. Also exists to ensure compliance with laws and regulations, to safeguard an organisation's assets and to ensure the reliability of management and financial information. Also referred to as Internal Control. | The BCI |
| CONTROL FRAMEWORK | A model or recognised system of control categories that covers all internal controls expected within an organisation | The BCI |
| CONTROL REVIEW / MONITORING | Involves selecting a control and establishing whether it has been working effectively and as described and expected during the period under review | The BCI |
| CONTROL SELF ASSESSMENT (CSA) | A class of techniques used in an audit or in place of an audit to assess risk and control strength and weaknesses against a control framework. The 'self' assessment refers to the involvement of management and staff in the assessment process, often facilitated by internal auditors. CSA techniques can include workshop/seminars, focus groups, structured interviews and survey questionnaires. | The BCI |
| CONTROLLED AREA | The area contained, if practicable, by the inner cordon | ENISA |
| CORDON | The boundary line of a zone that is determines, reinforced by legislative power and exclusively controlled by the emergency services from which all unauthorised persons are excluded for a period of time | The BCI |
| CORPORATE GOVERNANCE | The system/process by which the directors and officers of an organisation are required to carry out and discharge their legal, moral and regulatory accountabilities and responsibilities | The BCI |
| CORPORATE RISK | A category of Risk Management that looks at ensuring that an organisation meets its corporate governance responsibilities, takes appropriate actions and identifies and manages emerging risks | The BCI |
| COST BENEFIT ANALYSIS | A process (after a BIA and Risk Assessment) that facilitates the financial assessment of different strategic BCM options and balances the cost of each option against the perceived savings | The BCI |
| COUNTERMEASURE | An action taken to reduce risk. It may reduce the 'value' of the asset, the threats facing the asset or the vulnerability of that asset to those threats. | ENISA |
| CRISIS | A critical event, which, if not handled in an appropriate manner, may dramatically impact an organisation's profitability, reputation, or ability to operate. Or, an occurrence and/or perception that threatens the operations, staff, shareholder value, stakeholders, brand, reputation, trust and/or strategic/business goals of an organisation. See Event and Incident | The BCI and UK Financial Sector Continuity |
| CRISIS MANAGEMENT | The method concerned with managing the entire range of impacts following a disaster, including elements such as adverse media coverage and loss of customer confidence | ENISA |
| CRISIS MANAGEMENT PLAN | A clearly defined and documented plan of action for use at the time of a crisis. Typically a plan will cover all the key personnel, resources, services and actions required to implement and manage the Crisis Management process. | ENISA |
| CRISIS MANAGEMENT TEAM (CMT) | A management team who direct the recovery operations whilst taking responsibility for the survival and the image of the enterprise | ENISA |
| CRISIS MANAGEMENT PLAN OR CRISIS PLAN | A plan of action designed to support the crisis management team when dealing with a specific emergency situation which might threaten the operations, staff, customers or reputation of an enterprise | ENISA |
| CRISIS MANAGER (CM) | The leader of the Crisis Management Team | ENISA |
| CRISIS SIMULATION | The process of testing an organisation's ability to respond to a crisis in a coordinated, timely, and effective manner, by simulating the occurrence of a specific crisis | ENISA |
| CRISIS ROOM | See Command Centre | The BCI |
| CRITICAL DATA POINT | The point in time to which data must be restored in order to achieve recovery objectives | The BCI |
| CRITICAL INFRASTRUCTURE (CI) | Physical assets whose incapacity or destruction would have a debilitating impact on the economic or physical security of an organisation, community, nation, etc. | The Disaster Recovery Journal, modified by ENISA |
| CRITICAL RECORDS | Records or documents that, if damaged or destroyed, would cause considerable inconvenience and/or require replacement or recreation at considerable expense | ENISA |
| CRITICAL SERVICE | Any service which is essential to support the survival of the enterprise | ENISA |
| CRITICAL SUCCESS FACTORS (CSFs) | The certain factors that will be critical to the success of the organisation, in the sense that if the objectives associated with those factors are not achieved, the organisation will fail - perhaps catastrophically so. Identification of CSFs should help determine the strategic objectives of the organisation. | ENISA |
| CUSTOMER RELATIONSHIP MANAGEMENT CRM | All of the activities necessary to ensure that Business Continuity Managers have a true understanding of their customers' needs and that the customers also understand their responsibilities. Use of the term in an Business Continuity Management sense should not be confused with the specific CRM term which is generally focused on helping a business 'sell' more to its customers rather than deliver better services. | ENISA |
| DAMAGE ASSESSMENT | The method of assessing the financial/non-financial damage following a Business Continuity incident. It usually refers to the assessment of damage to physical assets e.g. vital records, buildings, sites, technology to determine what can be salvaged or restored and what must be replaced. | The BCI |
| DATA AVAILABILITY | Data is accessible and services are operational. | ENISA |
| DATA BACKUP STRATEGIES | Data backup strategies will determine the technologies, media and offsite storage of the backups necessary to meet an organisations data recovery and restoration objectives. | The Disaster Recovery Journal, modified by ENISA |
| DATA BACKUPS | The copying of production files to media that can be stored both on and/or off-site and can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster | The Disaster Recovery Journal, modified by ENISA |
| DATA CENTRE RECOVERY | The component of Disaster Recovery which deals with the restoration of data centre services and computer processing capabilities at an alternate location and the migration back to the production site | The Disaster Recovery Journal, modified by ENISA |
| DATA CONFIDENTIALITY | The protection of communications or stored data against interception and reading by unauthorised persons | ENISA |
| DATA INTEGRITY | The confirmation that data which has been sent, received or stored is complete and unchanged | ENISA |
| DATA MIRRORING | A method whereby critical data is copied instantaneously to another location so that it is not lost in the event of a Business Continuity incident | The BCI |
| DATA PROTECTION | Statutory requirements to manage personal data in a manner that does not threaten or disadvantage the person to whom it refers | The BCI |
| DATA RECOVERY | The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup | The Disaster Recovery Journal, modified by ENISA |
| DATABASE REPLICATION | The partial or full duplication of data from a source database to one or more destination databases | |
| DECISION POINT | The latest moment at which the decision to invoke emergency procedures has to be taken in order to ensure the continued viability of the enterprise | The BCI |
| DECLARATION (OF DISASTER) | A formal statement that a state of disaster exists | The Emergency Planning Society |
| DECLARATION FEE | A fee charged by a Commercial Hot Site Vendor for a customer invoked disaster declaration | ENISA |
| DELEGATION | A formal agreement whereby one organisation's functions will be carried out by another. | ENISA |
| DENIAL OF ACCESS | The inability of a organisation to access and/or occupy its normal working environment. Usually imposed and controlled by the Emergency and/or Statutory Services. | The BCI |
| DEPENDENCY | The reliance or interaction of one activity or process upon another | The BCI |
| DESKTOP EXERCISE | See: Table Top Exercise | ENISA |
| DISASTER | A sudden, unplanned catastrophic event causing unacceptable damage or loss | The Disaster Recovery Journal |
| DISASTER RECOVERY (DR) | Disaster Recovery refers to an IT-focused plan designed to restore operability of the target system, application, or computer facility at an alternate site after an emergency. The scope may overlap that of an IT Service Continuity Plan; however, the DR Plan is narrower in scope and does not address Business Impact Analysis. Also referred to as IT Disaster Recovery. | NIST SP 800-34, with some modification by ENISA |
| DISASTER RECOVERY COORDINATOR | A role of the Disaster Recovery programme that coordinates planning and implementation for overall technical recovery of a component | The Disaster Recovery Journal |
| DISASTER RECOVERY PLAN (DRP) OR RECOVERY PLAN | A plan to resume, or recover, a specific essential technical operation | ENISA |
| DISASTER RECOVERY PLANNING | The process of writing a Disaster Recovery Plan | ENISA |
| DISASTER RECOVERY SOFTWARE | An application program developed to assist an organisation in writing a comprehensive disaster recovery plan | ENISA |
| DISASTER RECOVERY TEAMS | A structured group of teams ready to take control of the recovery operations if a disaster should occur | The Disaster Recovery Journal |
| DISK MIRRORING | Disk mirroring is the duplication of data on separate disks in real time to ensure its continuous availability, currency and accuracy. Disk mirroring can function as a disaster recovery solution by performing the mirroring remotely. True mirroring will enable a zero recovery point objective. Depending on the technologies used, mirroring can be performed synchronously, asynchronously, semi-synchronously, or point-in-time. | The Disaster Recovery Journal, modified by ENISA |
| DISRUPTION | An event which interrupts the ability of an organisation to deliver its outputs | ENISA |
| DIVERSE ROUTING | The routing of information through split or duplicated cable facilities | The Disaster Recovery Journal, modified by ENISA |
| DOWNTIME | The total period that a service or component is not operational within an agreed service time. Measured from when a service or component fails to when normal operations recommence. | The Disaster Recovery Journal, modified by ENISA |
| DROP SHIP | A strategy for providing replacement hardware within a specified time period via prearranged contractual arrangements with an equipment supplier at the time of a Business Continuity event | The Disaster Recovery Journal, modified by ENISA |
Latest publications
-
Interoperable EU Risk Management ToolboxThis document presents the EU RM toolbox, a solution proposed by ENISA to address interoperability concerns related to the use of information...
-
Interoperable EU Risk Management FrameworkThis report proposes a methodology for assessing the potential interoperability of risk management (RM) frameworks and methodologies and presents...
Browse the Topics