Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
30 Cards in this Set
- Front
- Back
|
What are the three sides of the CIA Triad?
|
Confidentiality, Integrity, Availability
|
|
|
When a threat agent exploits a vulnerability.
|
Exposure
|
|
|
A control used to mitigate potential losses.
|
Countermeasure.
|
|
|
Weakness in a mechanism that can threaten an asset.
|
Vulnerability
|
|
|
Lack of a countermeasure.
|
Vulnerability
|
|
|
Someone or something that uncovers a vulnerability and exploits it.
|
Threat Agent
|
|
|
Possibility of a threat occurring.
|
Risk
|
|
|
Long-Term, High-Level management instructions on how the organization is to be run.
|
Policies
|
|
|
Administrative controls that reflect an organization's goals and objectives and target a broad audience.
|
Policies
|
|
|
Administrative controls that define a process or rules to be used to support a policy.
|
Standards
|
|
|
Administrative controls that are specific instructions on performing targeted tasks.
|
Procedures
|
|
|
Concept of layered approach to security with loosest controls on the outside and hardest controls at the center.
|
Defense in-depth
|
|
|
What does ISO 27002/ISO 1799 cover.
|
A code of practice with guidelines for information security.
|
|
|
Military Classification Levels
|
Top Secret
Secret Confidential Sensitive but unclassified Unclassified |
|
|
Common Commercial Classification Levels
|
Confidential
Private Sensitive For Internal Use Only Public |
|
|
The process of proper investigation such as an examination of controls and policies concerning an asset.
|
Due Diligence
|
|
|
The conduct that a reasonable person will exercise in a particular situation.
|
Due Care
|
|
|
ALE
|
Annual Loss Expectancy
|
|
|
EAC
|
Estimated Annual Cost
|
|
|
This type of risk analysis utilizes the values of ALE and from risks and ranks them based on potential loss to the owner.
|
Quantitative Risk Analysis
|
|
|
This type of risk analysis often utilizes estimated potential and delayed losses.
|
Qualitative Risk Analysis
|
|
|
This type of qualitative risk analysis heavily relies on interviews with subject matter experts.
|
Delphi Method
|
|
|
Calculate the Single Loss Expectancy (SLE)
|
Asset Value x Exposure Factor = SLE
|
|
|
Calculate the Annualized Loss Expectancy (ALE)
|
SLE x Annualized Loss Expectancy (ALO) = ALE
|
|
|
The amount of risk after a safeguard is put into place.
|
Residual Risk
|
|
|
What is a good reason for the use of an automated risk analysis tool?
|
Information gathering would be minimized and expedited due to the amount of information built into the tool.
|
|
|
Which element of the CIA Traid ensures that resources are used only for intended purposes?
|
Availability
|
|
|
According to private sector data classification levels, how would salary levels and medical information be classified?
|
Private
|
|
|
Logical Controls are also known as?
|
Technical Controls
|
|
|
What type of Controls are most applicable to personnel security?
|
Operational Controls
|
