15 Cards in this Set

  • Front
  • Back
What is a vulnerability?
The absence of a safeguard, or weakness that can be exploited.
What is a threat?
The possibility that someone or something would exploit a vulnerability, intentionally or accidentally, and cause harm
What is a risk?
The probability of a threat agent exploiting a vulnerability and the loss potential
How do you reduce risk?
By reducing vulnerabilities and/or threats
What is exposure?
An instance of being exposed to losses from a threat.
What is a countermeasure?
• Also called a safeguard; it mitigates the risk.
• Can be an application, software configuration, hardware, or procedure.
What is 'due care'?
Acting responsibly to lower the probability of being found negligent and liable if a security breach takes place.
What is the objective of information security?
Provide availability, integrity, and confidentiality (AIC or CIA).
What are the 3 phases of the planning horizon?
Strategic planning is long
Tactical planning is midterm
Operational planning is day to day
What is the ISO/IEC 27002 standard?
(formerly ISO 17799 Part 1) A comprehensive set of controls comprising best practices in information security; it provides guidelines on how to set up and maintain security programs.
Define Security Components
Technical (firewalls, encryption, and access control lists) or nontechnical (security policy, procedures, and compliance enforcement).
What must be done before a risk analysis is performed?
Project sizing, which means to understand and document the scope of the project.
What is degree of confidence that a certain security level is being provided?
These 4 domains:
Plan and Organize,
Acquire and Implement,
Deliver and Support, and
Monitor and Evaluate make up what?
CobiT [Control Objectives for Information and related Technology]

Developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).
What are the Steps of Risk Analysis?
1: Assign Value to Assets
2: Estimate Potential Loss per Threat
3: Perform a Threat Analysis
4: Derive the Annual Loss Potential
5: Reduce, Transfer, Avoid, or Accept the Risk