Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
20 Cards in this Set
- Front
- Back
|
What approach does senior management use for Risk Mitigation?
|
Least-Cost Approach
Most Appropriate Controls Minimal Adverse Impact |
|
|
What are the six Risk Mitigation Options?
|
-Risk Assumption
-Risk Avoidance -Risk Limitation -Risk Planning -Research and Acknowledgement Risk Transference |
|
|
What should be considered when determining risk mitigation options.
|
The goals and mission of an organization.
|
|
|
What are the seven steps for control implementation?
|
-Prioritize Actions
-Evaluate Recommended Control Options -Conduct Cost-Benifit Analysis -Select Control -Assign Responsibility -Develop a safeguard Implementation Plan -Implement Selected Control(s) |
|
|
Under control implementation the output from Step 1 is?
|
Actions ranking from High to Low
|
|
|
Under control implementation the output from Step 2 is?
|
List of feasible controls
|
|
|
Under control implementation the output from Step 3 is?
|
Cost-benefit analysis describing the cost and benefits of implementing or not implementing the controls
|
|
|
Under control implementation the output from Step 4 is?
|
Selected Controls
|
|
|
Under control implementation the output from Step 5 is?
|
List of responsible persons
|
|
|
Under control implementation the output from Step 6 is?
|
Safeguard Implementation plan
|
|
|
Under control implementation the output from Step 7 is?
|
Residual Risk
|
|
|
What information should be included in the Safeguard Implementation Plan?
|
-Risks and associated risk levels
-Recommended controls -Prioritized actions -Selected planned controls -Required resources for implementing the selected planned controls -Lists of responsible teams and staff -Start date for implementation -Maintenance requirements |
|
|
Technical Security Goals are grouped into what categories?
|
-Support
-Prevent -Detect and Recover |
|
|
What are the four Supporting Technical Controls?
|
-Identification
-Cryptographic Key Management -Security Administration -System Protections |
|
|
What are the six Preventive Technical Controls?
|
-Authentication
-Authorization -Access Control Enforcement -Non repudiation -Protected Communications -Transaction Privacy |
|
|
Detection and Recovery Technical Controls?
|
-Audit
-Intrusion Detection and Containment -Proof of Wholeness -Restore Secure State -Virus Detection and Eradication |
|
|
What are the three management security controls?
|
-Preventive
-Detection -Recovery |
|
|
What are the four Preventive Management Security Controls?
|
-Assign security responsibility
-Develop and maintain system security plans -Implement personnel security controls -Conduct security awareness and technical training |
|
|
What are the five Detection Management Security Controls?
|
-Implement personnel security controls
-Conduct periodic reviews -Perform system audits -Conduct ongoing risk management to assess and mitigate the risk -Authorize IT systems to address and accept residual risk. |
|
|
What is the most common subtype of ALL?
|
pre-B (80%)
|
