Information Security

An OASIS specification that proposes a standard set of SOAP extensions that can be used when building secure Web services to implement message content integrity and confidentiality.

Threat and Vulnerability Management involves all functions pertaining to the protection of federal information and information systems from unauthorized access, use, disclosure, disruptions, modification, or destruction, as well as the creation and implementation of security policies, procedures and controls. It includes all risk and controls tracking for IT systems.

A device available to other computers on a network. Examples include servers, firewalls, routers, switches, workstations, networked Supervisory Control and Data Acquisition (SCADA) systems, and networked printers (multifunction devices).

Any hand-portable device capable of text, voice, email, instant messaging (“IM”), photo messaging or other types of data communication. This policy is not meant to apply to: cars, boats, airplanes, laptop computers, desktop computers, unpiloted aerial vehicles (drones), gps receivers, radios

An IT system or network designed and intended for use only by state of Washington employees, contractors, and business partners.

Risk assessment is a process by which to determine what IT Assets exist that require protection, and to understand and document potential risks from IT security failures that may cause loss of information confidentiality, integrity, or availability. The purpose of a risk assessment is to help management create appropriate strategies and controls for stewardship of information assets.

IT infrastructure consists of the equipment, systems, software, and services used in common across an organization, regardless of mission/program/project.  IT Infrastructure also serves as the foundation upon which mission/program/project-specific systems and capabilities are built.  Approaches to provisioning of IT infrastructure vary across organizations, but commonly include capabilities such as Domain Name Server (DNS), Wide Area Network (WAN), and employee locator systems.

The processes, procedures, systems, IT infrastructure, data, and communication capabilities that allow each agency to manage, store, and share information in pursuit of its business mission, including but not limited to:

Per RCW 43.105.020, "Information technology" includes, but is not limited to, all electronic technology systems and services, automated information handling, system design and analysis, conversion of data, computer programming, information storage and retrieval, telecommunications, requisite system controls, simulation, electronic commerce, radio technologies, and all related interactions between people and machines.

Defines the set of capabilities to provide active response and remediation to a security incident that has allowed unauthorized access to a government information system