6 Cards in this Set
Front: Which is the better approach for information assurance posture: top-down or bottom-up?
Back: Top-down is where senior management initiates and fosters the company's security objectives. It is more successful than bottom-up.
Front: List the four main goals of Risk Analysis.
Back:
1) Identify assets and their values.
2) Identify threats.
3) Quantify the impact of potential risks.
4) Provide an economic balance between the possible impact of the risk and the cost of the countermeasure.
Front: Define vulnerability, threat, threat agent, and risk.
Back: A vulnerability is a weakness in a mechanism that threatens the confidentiality, integrity, or availability of an asset. The threat is that someone will discover the vulnerability. The threat agent is an entity that would find and use the weakness. The risk is the likelihood of the threat agent finding and carrying out an exploit.
Front: In a quantitative risk analysis, what is the EF, the SLE, the ARO, and the ALE?
Back:
EF = Exposure Factor
SLE = Single Loss Expectancy
ARO = Annualized Rate of Occurrence
ALE = Annualized Loss Expectancy
EF × asset value = SLE
SLE × ARO = ALE
Front: How does one arrive at the value of the Total Risk?
Back:
Threats × vulnerability × asset value = Total Risk
Total Risk × countermeasure = Residual Risk
Front: Who is responsible for data classification? What are these classifications?
Back: Data owners are responsible.
Commercial sector uses: Confidential, Private, Sensitive, and Public.
Military uses: Top Secret, Secret, Confidential, Sensitive but Unclassified, Unclassified.