10 Cards in this Set

  • Front
  • Back
Which of the following is not a compensating measure for access violations?

A. Backups
B. Business continuity planning
C. Insurance
D. Security awareness
Security awareness
Risk analysis is MOST useful when applied during which phase of the system development process?

A. Project identification
B. Requirements definition
C. System construction
D. Implementation planning
Project identification
Which one of the following is not one of the outcomes of a vulnerability analysis?

A. Quantitative loss assessment
B. Qualitative loss assessment
C. Formal approval of BCP scope and initiation document
D. Defining critical support areas
Formal approval of BCP scope and initiation document
Which of the following is not a part of risk analysis?

A. Identify risks
B. Quantify the impact of potential threats
C. Provide an economic balance between the impact of the risk and the cost of the associated countermeasures
D. Choose the best countermeasure
Choose the best countermeasure
A new worm has been released on the Internet. After investigation, you have not been able to determine if you are at risk of
exposure. Management is concerned as they have heard that a number of their counterparts are being affected by the worm. How could
you determine if you are at risk?

A. Evaluate evolving environment.
B. Contact your anti-virus vendor.
C. Discuss threat with a peer in another organization.
D. Wait for notification from an anti-virus vendor.
Contact your anti-virus vendor.
When conducting a risk assessment, which one of the following is NOT an acceptable social engineering practice?

A. Shoulder surfing
B. Misrepresentation
C. Subversion
D. Dumpster diving
Subversion
Which one of the following risk analysis terms characterizes the absence or weakness of a risk-reducing safeguard?

A. Threat
B. Probability
C. Vulnerability
D. Loss expectancy
Vulnerability
Risk is commonly expressed as a function of the

A. Systems vulnerabilities and the cost to mitigate.
B. Types of countermeasures needed and the system's vulnerabilities.
C. Likelihood that the harm will occur and its potential impact.
D. Computer system-related assets and their costs.
Likelihood that the harm will occur and its potential impact.
How should a risk be handled when the cost of the countermeasures outweighs the cost of the risk?

A. Reject the risk
B. Perform another risk analysis
C. Accept the risk
D. Reduce the risk
Accept the risk
Which of the following is an advantage of a qualitative over quantitative risk analysis?

A. It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities.
B. It provides specific quantifiable measurements of the magnitude of the impacts.
C. It makes cost-benefit analysis of recommended controls easier.
It prioritizes the risks and identifies areas for immediate improvement in addressing the vulnerabilities.