[ISM3 Users] Tuesday Insight - Operational Definitions

[Vicente Aceituno]

Dear All,

(I hope to send an Insight on ISM3 and ISMS in general
every tuesday, hence the subject)

The ISM3 seems like a long list at the end of the doc.

What some might not have realized is that it is cross
referenced with other standards (equal to, no equal,
similar to...)

The core idea of this glossary, and the way these
definitions are used in ISM3 is to use definitions
that are independent of the observer.

Please check:
http://en.wikipedia.org/wiki/Operational_definition

Quoting "For example, the weight of an object may be
operationally defined in terms of the specific steps
of putting an object on a weighing scale. The weight
is whatever results from following the measurement
procedure, which can in principle be repeated by
anyone. It is intentionally not defined in terms of
some intrinsic or private essence. The operational
definition of weight is just the result of what
happens when the defined procedure is followed. In
other words, what's being defined is how to measure
weight for any arbitrary object, and only incidentally
the weight of a given object."

This is the key:
"It is intentionally not defined in terms of some
intrinsic or private essence."

In ISM3 terms like security, vulnerability, weakness,
risk, threat, opportunity, incident, attack, error and
accident and defined "operationally".

As the only way to manage is to measure, in a
management standard it makes sense to define things in
terms of the way they can be measured.

My best

Vicente


       
____________________________________________________________________________________Boardwalk for $500? In 2007? Ha! Play Monopoly Here and Now (it's updated for today's economy) at Yahoo! Games.
http://get.games.yahoo.com/proddesc?gamekey=monopolyherenow