32 Cards in this Set
- Front
- Back
What are these types of controls: developing and publishing policies, standards, procedures and guidelines; risk management; screening personnel; conducting security awareness training; implementing change control
|
Administrative controls
|
|
What are these types of controls: Access control, password and resource management, identification and authentication methods, security devices, configuration of infrastructure
|
Technical (or logical) controls
|
|
What are these types of controls: controlling access to facility, locking systems, protecting perimeter, monitoring intrusion, environmental controls
|
Physical controls
|
|
What are hardware, software or procedural weaknesses that may provide an attacker the open door to a computer or network?
|
Vulnerabilities
|
|
What is the potential danger that someone or something will identify a vulnerability and use it against a system?
|
Threat (the person, process or event that actually exploits the vulnerability is the threat agent)
|
|
What is the likelihood of a threat agent taking advantage of vulnerability and the corresponding business impact?
|
Risk
|
|
What is a structured method for determining a system's functions, identifying how each function can fail, and assessing the causes and effects of each failure?
|
Failure Modes and Effect Analysis (FMEA)
|
|
What analysis technique is useful for identifying failures that can take place within complex environments and systems, working top-down from an undesired event to its possible causes?
|
Fault tree analysis
|
|
What is asset value x exposure factor (EF)?
|
SLE
|
|
What represents percentage of loss a realized threat could have on an asset?
|
EF
|
|
What is SLE x annualized rate of occurrence (ARO)?
|
ALE
|
|
What is estimated frequency of a specific threat taking place in a year?
|
ARO
|
|
What are mandatory activities, actions or rules that define the requirements of a policy?
|
Standards
|
|
What are minimum level of protection required?
|
Baselines
|
|
What are recommended actions and operational guides for users, IT staff, operations staff, etc., used when a specific standard does not apply?
|
Guidelines
|
|
What are detailed step by step tasks that should be performed to achieve a certain goal?
|
Procedures
|
|
What is Due Diligence?
|
The company properly investigated all of its possible weaknesses and vulnerabilities: it knows what it is protecting itself against. (Hint: due diligence precedes due care)
|
|
What is Due Care?
|
The company does all it reasonably can under the circumstances and takes reasonable steps to protect itself; the common-sense minimum level of protection. (Hint: due care is doing what due diligence showed was needed)
|
|
Equation for SLE (Single Loss Expectancy)
|
Asset Value x Exposure Factor
|
|
Equation for ALE (Annual Loss Expectancy)
|
SLE x ARO
|
|
How do you figure ARO (Annualized Rate of Occurrence)?
|
Estimated frequency of a specific threat taking place in a year
|
|
What are the four ways to treat an identified risk?
|
Reduce (mitigate with controls), transfer (e.g. insurance), avoid (stop the activity), or accept the risk
|
|
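The SLE, EF, ARO and ALE cards above give the formulas; the following added example (not part of the original card set) works them through with the cards' own symbols on a constructed two-threat risk register, and then goes one step beyond the cards by applying the usual safeguard cost/benefit test (ALE before the control, minus ALE after it, minus the control's annual cost) to pick between "reduce" and "accept". Every asset value, exposure factor, rate of occurrence and control cost is made up for illustration; the helper names are hypothetical.

```python
"""Quantitative risk analysis with the flashcards' symbols (added example).

    SLE = AV x EF      single loss expectancy
    ALE = SLE x ARO    annual loss expectancy

EF is a fraction of the asset value (25% -> 0.25). ARO is a yearly
frequency, so a threat expected once every 10 years has ARO = 0.1 and one
expected four times a year has ARO = 4.0. The cost/benefit test in
safeguard_value() is not on the cards; it is the usual way ALE is turned
into a reduce-versus-accept decision. All figures are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    asset_value: float      # AV, in currency units
    exposure_factor: float  # EF, fraction of AV lost per realised threat (0..1)
    aro: float              # ARO, expected occurrences per year


def ef_from_percent(percent_loss: float) -> float:
    """EF is usually quoted as a percentage; SLE needs it as a fraction."""
    if not 0.0 <= percent_loss <= 100.0:
        raise ValueError("exposure factor must be between 0% and 100%")
    return percent_loss / 100.0


def aro_from_interval(years_between_events: float) -> float:
    """ARO for a threat expected once every N years (N = 10 -> 0.1)."""
    if years_between_events <= 0:
        raise ValueError("interval between events must be positive")
    return 1.0 / years_between_events


def sle(asset_value: float, ef: float) -> float:
    """Single loss expectancy: asset value x exposure factor."""
    if not 0.0 <= ef <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    return asset_value * ef


def ale(asset_value: float, ef: float, aro: float) -> float:
    """Annual loss expectancy: SLE x annualized rate of occurrence."""
    if aro < 0:
        raise ValueError("ARO cannot be negative")
    return sle(asset_value, ef) * aro


def safeguard_value(ale_before: float, ale_after: float, annual_cost: float) -> float:
    """Net annual value of a control; positive means it pays for itself."""
    return ale_before - ale_after - annual_cost


def recommend(scenario: Scenario, ef_after: float, aro_after: float,
              annual_cost: float) -> dict:
    """Price a proposed control: 'reduce' if its net value is positive, else
    'accept' (transfer, e.g. insurance, would be the next option to price)."""
    before = ale(scenario.asset_value, scenario.exposure_factor, scenario.aro)
    after = ale(scenario.asset_value, ef_after, aro_after)
    value = safeguard_value(before, after, annual_cost)
    return {"scenario": scenario.name,
            "sle": sle(scenario.asset_value, scenario.exposure_factor),
            "ale_before": before, "ale_after": after,
            "safeguard_value": value,
            "treatment": "reduce" if value > 0 else "accept"}


# Constructed register: two threats, each with one candidate control.
DATACENTER_FLOOD = Scenario("datacenter flood", asset_value=100_000,
                            exposure_factor=ef_from_percent(25),
                            aro=aro_from_interval(10))    # once a decade
RANSOMWARE = Scenario("ransomware on file servers", asset_value=500_000,
                      exposure_factor=ef_from_percent(60), aro=0.5)  # every 2 years


def run_register() -> list:
    """Evaluate both constructed scenarios against their proposed controls."""
    return [
        # Raised floor and pumps halve the EF, same ARO, cost 10,000/yr.
        recommend(DATACENTER_FLOOD, ef_after=0.125,
                  aro_after=DATACENTER_FLOOD.aro, annual_cost=10_000),
        # Tested offline backups cut EF to 10%, same ARO, cost 40,000/yr.
        recommend(RANSOMWARE, ef_after=0.10, aro_after=RANSOMWARE.aro,
                  annual_cost=40_000),
    ]


if __name__ == "__main__":
    for row in run_register():
        print(f"{row['scenario']}: SLE={row['sle']:,.0f} ALE={row['ale_before']:,.0f}"
              f" -> with control ALE={row['ale_after']:,.0f},"
              f" net value={row['safeguard_value']:,.0f}, treatment={row['treatment']}")
```

The flood scenario shows why a low ARO matters: a 25,000 single loss expected once a decade is only 2,500 a year, so a 10,000-a-year control fails the test and the risk is accepted (or transferred). The ransomware scenario inverts that: the same test shows the backup programme paying for itself several times over, so "reduce" is the defensible choice. Note that EF and ARO are estimates; the uncertainty in them carries straight through to ALE, which is why the uncertainty analysis card later in the deck matters.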
How is the classification Confidential (corporate) usually applied?
|
Data that is exempt from disclosure under the Freedom of Information Act or other laws and regulations. Unauthorized disclosure could seriously affect a company.
|
|
How is the classification Private usually applied?
|
Personal information for use within a company. Unauthorized disclosure could adversely affect personnel or a company. Salary levels and medical information are considered private.
|
|
How is the classification Sensitive usually applied?
|
Requires special precautions to ensure the integrity and confidentiality of the data by protecting it from unauthorized modification or deletion. Requires higher than normal assurance of accuracy and completeness.
|
|
How is the classification Secret (military) usually applied?
|
If disclosed, it could cause serious damage to national security.
|
|
What is an uncertainty analysis?
|
Documents the uncertainty in the assumptions and estimates (asset values, EF, ARO) behind a risk analysis so that the risk management results can be used knowledgeably
|
|
What is the result of Top Secret (military) information being leaked?
|
Unauthorized disclosure can cause exceptionally grave damage to National security
|
|
What is the result of Secret (military) information being leaked?
|
Unauthorized disclosure can cause serious damage to national security.
|
|
What is the result of Confidential (military) information being leaked?
|
Unauthorized disclosure can cause damage to national security.
|
|
What is the result of Sensitive (military) information being leaked?
|
Disclosure does not cause damage to national security
|
|
What is the result of Unclassified (military) information being leaked?
|
Neither sensitive nor classified
|