13 Cards in this Set

  • Front
  • Back
A _______ _______ looks at a model, data and assumptions for validity (when looking at a risk model).
Uncertainty analysis
A tool is being used to determine whether attackers have altered system files or executables.
File Integrity Checker
- means to ignore or segregate details in order to focus on what is important for some purpose. This helps remove complexity and helps make designs and specifications easier to understand.
Abstraction
- Ideally, each component reveals to other components only its external properties; the implementation and data are hidden. This is also called encapsulation, as there are barriers that prevent access to the procedures and data of the component.
Data hiding
- Abstractions may be used for a layered structure, where each layer uses abstractions provided by the layer below to create its own abstractions, which in turn are used by the layer above.
Layering
There are four general areas for risk management:
Risk assignment and transfer - transferring the risk to others; this would include buying insurance or co-insurance.
Risk rejection - ignoring the risks altogether.
Risk reduction - installing the necessary precautions to guard against a risk.
Risk acceptance - accepting the risk because the cost of protecting against it would outweigh the risk itself.
An ______ is an instance of being exposed to losses from a threat.
exposure
_______ planning is long term, _______ planning is midterm,
_______ planning is day to day.
They make up a planning ________.
Strategic planning is long term,
Tactical planning is midterm,
Operational planning is day to day.
They make up a planning Horizon.
ISO ________ is a comprehensive set of controls comprising best practices in information security and provides guidelines on how to set up and maintain security programs.
ISO 17799
Project sizing should be done before __________ is performed.
risk analysis
______ is a degree of confidence that a certain security level is being provided.
assurance
Risk can be _____, ______, ______, or _______.
Risk can be transferred, rejected (ignored), reduced, or accepted.
CIA not = DAD; what does each stand for?
Confidentiality not = disclosure
Integrity not = alteration
Availability not = destruction