Glossary

| Term | Definition | Source |
| --- | --- | --- |
| Actor | An actor is a prototypical business role. To keep the actor model simple, aspects of different business roles can also be combined into one actor. OSA patterns use actors to visualize the set of responsibilities that can be assigned to a prototypical role in a given setup. | OSA |
| Architecture | A set of design artifacts that are relevant for describing an object such that it can be produced to requirements (quality) as well as maintained over the period of its useful life (change). The design artifacts describe the structure of components, their inter-relationships, and the principles and guidelines governing their design and evolution over time. | OSA |
| Security | Security provided by IT systems can be defined as the IT system's ability to protect the confidentiality and integrity of processed data, provide availability of the system and data, provide accountability for transactions processed, and provide assurance that the system will continue to perform to its design goals. | OSA |
| Security Architecture | The design artifacts that describe how the security controls (= security countermeasures) are positioned, and how they relate to the overall IT architecture. These controls serve to maintain the system's quality attributes, among them confidentiality, integrity, availability, accountability and assurance. | OSA |
| Security Control | A technical countermeasure, an organizational setup or a process that helps to maintain an IT system's security-quality properties. | OSA |
| Security Incident | In IT security: a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. | NIST |
| Issue | An issue is the gap between the desired state and the current state of an organization, a process or a technical system. An issue arises if an authority points out the above-mentioned gap and demands that the gap be closed. | OSA |
| Security Event | An event is a notable occurrence at a particular point in time. Typically, we record thousands or millions of events and scan them for typical patterns that might indicate a malicious or accidental violation of availability, integrity, or confidentiality. | Wikipedia |