Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
20 Cards in this Set
- Front
- Back
|
NIST 800-30 |
Risk management Guide for IT for Federal systems. IT based |
|
|
OCTAVE & AS/NZS 4360 are based on what type of environment |
Corporate based |
|
|
Firewall, encryption, software permission, and authentication devices is what type of control |
Logical (or technical) controls usually used in tandem with physical or admin controls to provide a defense in depth approch |
|
|
What is the formula for ALE? Annual Loss Expectancy |
Single Loss Expectancy x annualized rate of occurrence.
SLE X ARO |
|
|
a firewall is what type of risk? |
Risk mitigation |
|
|
What is the formula for SLE |
Asset value x exposure factor
AV x EF |
|
|
What is ISO/IEC 27001 |
ISMS requirements |
|
|
What is ISO/IEC 27002 |
code of practice for Information security management |
|
|
What is ISO/IEC 27003 ISO/IEC 27004 |
1. guidelines for ISMS implementation 2. guidelines for info sec management measurement and metrics framework |
|
|
What is ISO/IEC 27005 ISO/IEC 27006 |
1. guidelines for info security risk management 2. guidelines for bodies providing audit and certification info security management systems |
|
|
TOGAF |
model and methodology for the development of enterprise architecture |
|
|
ITIL |
process to allow for IT service management developed by the UK |
|
|
Six Sigma |
business management strategy taht can be sued to carry out process improvement |
|
|
What type of control is mandatory vacation |
adminstrative detective |
|
|
What type of control is dual control |
administrative preventative |
|
|
What type of control is separation of duties |
administrative control |
|
|
data classification policy is what type of control |
administrative control |
|
|
what is the best way to illustrate the dangers of teh current configuration issues |
carry out a risk assessment |
|
|
what should management consider most when classifying data |
availability, integrity, and confidentiality |
|
|
w |
w |
