Information Security Issues

Hi,

as I've mentioned before, I have a set of questions on information security. The context is the ISO standard on information security management. I just cannot comprehend the meaning of some phrases, e.g.:

1) Contacts should be developed to keep up with industrial trends, monitor standards and assessment methods and provide *** liasion *** when dealing with security incidents.

What is *liaison *** in this context? There are many meanings, and I cannot choose because I'm not quite aware of the English IT terminology

2) Access is provided to... hardware and software support staff, who need access to system level or *** level application *** - could you please explain what's that? Is it applications with a low level of functionality or is it functions of low-level applications [:^)] ?

3) What is "retention of evidence" in the context of security violation by employees? Is it the same as "collection of evidence" ?


4) Care should be taken that no single person can perpetrate fraud in areas of single responsibility without being detected. *** initiation of an *** should be separated from its authorization.

I clearly understand the first sentence, but the second one is totally vague. What is meant by "initiation of event"?

5) Development and test environments should be separated - in this case there's a need to maintain a stable and known environment in which to perfrom meaningful testing and to prevent *** developer *** - what's that ? Does this mean that access of the developer is inappropriate or what?

The questions are isolated, because they are from different paragraphs, but I hope they make sense... Hope they are not very bulky. I'd really appreciate your help.