Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
36 Cards in this Set
- Front
- Back
|
Balance score card |
- financial (shareholders) - customer - internal (processes) - growth (improvement) |
|
|
What is the Business continuity process? |
- business as usual - disaster recovery - incident handling - alternate business processes - business restoration - business resumption
|
|
|
what are the components Incident management process? |
-Identify -respond -recovery -review |
|
|
Waterfall model |
- analyze, design, develop, test, deploy
- high cost of change
- high risk of making too many features or making the wrong thing the right way |
|
|
What is risk appetite ? |
willingness to accept the risk with a potential gain |
|
|
Portfolio mgmt vs project mgmt |
- portfolio is strategic, project is tactical
- portfolio is aggregate, project is specific |
|
|
What is information security? |
it is the measures taken to protect information of unauthorised disclosure , modification or distruction (CIA Triad). and it is a subset of information assurance includes physical and IT security |
|
|
what is information systems security? |
-it is composed of compusec and commsec
-commsec is measures used to secure data while it gets transfered by means of encryption. |
|
|
What is administrative security? |
-subset of information security -achieved by administrative rules and infosec policies -reporting , incident handeling , disposal .. etc
|
|
|
what is (IA) information assurance ? |
-it is the super-set of information security -CIA + authentication and non repudiation -non- repudiation is the proof of deliver to the sender (ack) |
|
|
Threat vectors |
-natural (disasters , floods , hurricans ......etc) non-intentional (poorly trained employees) intentional (internal attacks or external attack) |
|
|
what is risk? |
it is an undesirable circumstance that has both a likelihood of occurrence and negative impact |
|
|
What is Risk management ?
|
it is the measures taken to manage risks . and minimize or eliminate their impact |
|
|
What is residual risk ?
|
it is the risk remaining after all know risks habe been treated |
|
|
what is risk transference ? |
Transferring risk and its consequences to a third party |
|
|
what are the types of risk estimation and how to estimate risks? |
-quantitative ALE = SLE x ARO SLE = AV xEF
ALE - annual loss expectancy SLE - single loss expectancy ARO - Annual rate of occurrence AV = asset value EF = Exposure Value - percentage loss due threat occurrence
-Qualitative (estimate the likelihood of occurrence and how major is the impact) |
|
|
What are the types of risks according to COSO? |
-strategic - affects companies mission or goals -tactic - affecting companies tactics -operation - affects the efficient use of resources -reporting - in accurate reporting -compliance - comply with the laws and regulations
|
|
|
What is the risk assessment process? |
- context establishment -Identify (assets , threat sources , vulnerabilities ...etc.) -Risk estimation (quantitative and qualitative) -Risk evaluate (compare risk with a criteria) -decide whether the assessment in satisfactory
|
|
|
what is proactive risk management process? |
proactive means that you treat risks before they arise -Identify -Analyze -plan -track -control
|
|
|
What is risk management |
-establish the context -identify -analyze -evaluate -treat |
|
|
What do you know about IT governance ?
|
-actions taken to insure efficient and effective use of IT resources to achieve the company's goals - COBIT 5 is an internationally accepted IT governance |
|
|
What is agility? |
Agility is the ability to create and respond to changes in a turbulent business environment |
|
|
What is agile manifesto? |
- individuals&interactions - working software - customer relations - earning&growth |
|
|
What is IT management Building blocks? |
-strategic (establish company and market) -tactical (service development ) -operational (service delivery) -physical(ICT infrastructure) |
|
|
what is IT service delivery processes ? |
-service level management -capacity management -financial mgmt -availability mgmt -IT service continuity -change mgmt |
|
|
what are IT service support processes ? |
-incident mgmt -problem mgmt -configuration mgmt -change mgmt -release mgmt |
|
|
Compare ITIL V2 and V3 |
Replaced IT service process with IT service lifecycle |
|
|
Compare ITIL V3 to ITIL 2011 |
Added -IT strategy mgmt -Business Relationship mgmt |
|
|
IT service life-cycle components |
-Service strategy (determine the needs and objectives) -service design (mechanisms to meet customer requirements) -service transition -service operation -continuous service improvement (CSI) |
|
|
Compare risks in waterfall and iterative software design models.
|
the waterfall model : all the requirements need to be known from the beginning - risk of changing
the iterative model : risk of not finishing on time and increasing the cost |
|
|
cost of change in waterfall and iterative method? |
the cost of change will affect the waterfall model more that the iterative model. as all of the requirments must be known from that start .. it cannot be changes after that. however in the iterative model .. the change can be implemented in the next iteration. |
|
|
why is there a lot of wasted features in a software developed according to the waterfall model. |
- requirements are fixed from the beginning. - it is hard to add features after that due to the high cost of change |
|
|
Secure software design life cycle |
-requirements and use cases -design -test the design -code -test the results -field feedback |
|
|
what evil user stories ? |
- use cases that help secure software developers establish security requirements
|
|
|
explain the difference between strategy and tactics |
-strategy has a broad scope, tactics are specific -strategy occurs prior to actions, tactical occur during actions -strategy organize resources and tactics employ them |
|
|
what is risk in cyber security? |
it is an undesirable circumstance that has both likelihood of occurrence and negative consequence. |
