38 Cards in this Set

  • Front
  • Back
  • 3rd side (hint)

*Asset Base

It is a repository of items identified and labeled for information assurance.

repository

*Asset Identification

It establishes an accurate record of the precise form of the items in the information asset base.

records precise form of the items

**Baseline

It is a catalogue of recorded information items.

catalogue

*Baselining

It is the process of recording an information item in the baseline.

**Countermeasure

It is a control that has been deliberately set to counter an identified threat.

counter

*Disaster Recovery

It assures the ability to recover assets after a disaster.

*Family Tree

It is a hierarchical structure of the asset base.
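The asset base, asset identification, baseline, baselining and family tree cards above describe one procedure: identify each item, record its precise form, keep the records as a catalogue, and arrange the catalogue hierarchically. The following is an added worked example written for this page; it is not code from the deck or from any textbook the deck summarises. It assumes that the "precise form" recorded for an item is a SHA-256 digest of its content plus its size, that the family tree is derived from slash-separated asset labels, and that comparing two baselines is how drift (the process entropy card later in the deck) is detected. The asset contents are constructed sample data.

```python
"""Asset base, baselining and family tree: an added example, not from the deck.

Assumptions (not stated on the page): an item's "precise form" is its SHA-256
digest and size; asset labels are slash-separated paths; drift between two
baselines is reported as added / removed / changed items.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class AssetRecord:
    """One entry in the baseline catalogue."""
    label: str    # how the item is identified and labelled in the asset base
    digest: str   # SHA-256 of the content: the item's precise form at baseline time
    size: int


def identify(label: str, content: bytes) -> AssetRecord:
    """Asset Identification: establish an accurate record of one item's precise form."""
    return AssetRecord(label, hashlib.sha256(content).hexdigest(), len(content))


def baseline(asset_base: Dict[str, bytes]) -> Dict[str, AssetRecord]:
    """Baselining: record every item; the returned dict is the Baseline catalogue."""
    return {label: identify(label, content) for label, content in asset_base.items()}


def family_tree(catalogue: Dict[str, AssetRecord]) -> dict:
    """Family Tree: nest the flat catalogue by path component into a hierarchy."""
    tree: dict = {}
    for label in sorted(catalogue):
        node = tree
        *parents, leaf = label.split("/")
        for part in parents:
            node = node.setdefault(part, {})
        node[leaf] = catalogue[label]
    return tree


def drift(old: Dict[str, AssetRecord], new: Dict[str, AssetRecord]) -> Dict[str, List[str]]:
    """Compare two baselines; any difference is process entropy an audit should catch."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(l for l in set(old) & set(new) if old[l].digest != new[l].digest),
    }


# Constructed sample asset base (not real files) at two points in time.
ASSET_BASE_V1: Dict[str, bytes] = {
    "policies/access-control.md": b"Least privilege for all service accounts\n",
    "policies/backup.md": b"Nightly offline backup of file servers\n",
    "configs/web/nginx.conf": b"server_tokens off;\n",
}
ASSET_BASE_V2: Dict[str, bytes] = {
    "policies/access-control.md": ASSET_BASE_V1["policies/access-control.md"],
    "configs/web/nginx.conf": b"server_tokens on;\n",            # changed
    "configs/web/tls.conf": b"ssl_protocols TLSv1.2 TLSv1.3;\n",  # added
    # policies/backup.md removed
}


def audit_report() -> Dict[str, List[str]]:
    """Re-baseline the sample asset base and report what drifted since the first baseline."""
    return drift(baseline(ASSET_BASE_V1), baseline(ASSET_BASE_V2))


if __name__ == "__main__":
    for kind, labels in audit_report().items():
        print(f"{kind}: {labels}")
```

The catalogue is a flat map keyed by label so that lookups and diffs are cheap; the family tree is derived from it on demand rather than stored, which keeps a single source of truth for the asset base.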

**Risk Management

It maintains the organization’s planned response to all identified threats.

*Audit

It assures the integrity of the security solution

*Compliance

Meeting the standards

*Confidentiality

Keeping practices and procedures between the company and client private (not the same thing as the information security property in subsequent chapters)

*Control Objective

These are focused behaviors with observable outcomes

*Corrective Action

A documented action taken against a perceived risk or threat

*Cost/Benefit

Analyses the pros and cons of an action

*Countermeasures

They are steps that will be taken to mitigate a given risk

*Estimate of the Consequences

The harm a threat would cause if it were realized

*Follow-up

It is another audit to confirm compliance

**Gaps

They are the identified differences between ideal practice and current operation, each of which represents a risk

*Latent Threat

A possible threat that only becomes active at a later time if one of the conditions changes

**Likelihood

The degree of certainty that a risk will actually occur

*Preventive Measures

The strategy to reduce the likelihood of a risk occurrence

*Process Entropy

It is the natural tendency for any organized system to degrade over time due to the changing conditions

*Probability of Occurrence

A percentage indicating the likelihood of occurrence

*Reactive Measures

The strategy to respond effectively if a risk becomes a direct threat

***Risk

It is the possibility that a threat will be realized

**Risk Analysis

The process by which the risk is understood

***Risk Assessment

It is an operational process by which risks are identified and characterized

***Risk Estimation

Determines the probability and impact of threats

*Risk Evaluation

It is the function used to decide on the nature and significance of emerging threats

**Risk Management

It ensures effective and up-to-date alignment between identified threats and the countermeasures deployed to mitigate them

***Risk Mitigation

It determines how the risk will be handled

*Risk Tolerance

It is the minimum level of protection that management can reasonably afford in its day-to-day operations

*Risk Transfer

It specifies how any foreseen impact can be reallocated so that the loss is not permanent or catastrophic

*Scope of the Assessment

It should include the entire set of organizational and technical issues

*Standards

Gap analysis must be based on universal standards such as ISO 27000, NIST, GASSP or COBIT

***Threat

A way of exploiting a known weakness in an organization

***Vulnerability

A perceived weakness in an organization that can be exploited

**Weakness

A part of a system that can be exploited
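The risk estimation, probability of occurrence, estimate of the consequences, likelihood, cost/benefit, preventive and reactive measures, risk transfer, risk tolerance and risk mitigation cards describe the arithmetic of a risk decision without showing it carried through. The block below is an added worked example written for this page, not code from the deck or from any source it summarises. It assumes the common expected-loss model in which risk estimation multiplies the probability of occurrence (a percentage per year) by the estimate of the consequences (loss per occurrence); that preventive measures reduce likelihood while reactive measures and risk transfer reduce the loss that lands on the organization; and that risk tolerance is expressed as a maximum acceptable expected loss. Threat names, figures and the tolerance value are constructed sample data.

```python
"""Risk estimation, cost/benefit and mitigation choice: an added example, not from the deck.

Assumed model (not stated on the page): expected annual loss = probability of
occurrence (%) / 100 * estimate of the consequences; preventive measures cut
the probability, reactive measures and risk transfer cut the consequence that
the organization bears; risk tolerance is a ceiling on expected annual loss.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Threat:
    name: str
    probability_pct: float   # Probability of Occurrence, per year, as a percentage
    consequence: float       # Estimate of the Consequences: loss per occurrence

    def expected_loss(self) -> float:
        """Risk Estimation: probability x impact, as an expected annual loss."""
        return self.probability_pct / 100.0 * self.consequence


@dataclass(frozen=True)
class Countermeasure:
    name: str
    kind: str                # "preventive", "reactive" or "transfer"
    annual_cost: float
    reduction_pct: float     # share of likelihood (preventive) or impact (reactive/transfer) removed

    def residual_loss(self, threat: Threat) -> float:
        """Expected annual loss that remains once this countermeasure is in place."""
        keep = 1.0 - self.reduction_pct / 100.0
        if self.kind == "preventive":
            return Threat(threat.name, threat.probability_pct * keep, threat.consequence).expected_loss()
        if self.kind in ("reactive", "transfer"):
            return Threat(threat.name, threat.probability_pct, threat.consequence * keep).expected_loss()
        raise ValueError(f"unknown countermeasure kind: {self.kind}")

    def net_benefit(self, threat: Threat) -> float:
        """Cost/Benefit: loss avoided per year minus the countermeasure's annual cost."""
        return (threat.expected_loss() - self.residual_loss(threat)) - self.annual_cost


def rank_risks(threats: List[Threat]) -> List[str]:
    """Risk Evaluation: order threats by estimated expected loss, largest first."""
    return [t.name for t in sorted(threats, key=lambda t: t.expected_loss(), reverse=True)]


def decide(threat: Threat, options: List[Countermeasure], tolerance: float) -> Tuple[str, Optional[str]]:
    """Risk Mitigation: tolerate if already within tolerance; otherwise pick the
    countermeasure with the best positive net benefit that brings the residual
    loss within tolerance; escalate if no option does."""
    if threat.expected_loss() <= tolerance:
        return ("tolerate", None)
    viable = [o for o in options if o.residual_loss(threat) <= tolerance and o.net_benefit(threat) > 0]
    if not viable:
        return ("escalate", None)
    best = max(viable, key=lambda o: o.net_benefit(threat))
    return ("mitigate", best.name)


# Constructed sample data: figures are illustrative, not from any real assessment.
TOLERANCE = 15_000.0   # assumed Risk Tolerance: maximum acceptable expected annual loss
SAMPLE_THREATS = [
    Threat("ransomware on file server", probability_pct=20.0, consequence=500_000.0),
    Threat("laptop theft", probability_pct=50.0, consequence=20_000.0),
    Threat("web defacement", probability_pct=10.0, consequence=5_000.0),
]
SAMPLE_OPTIONS: Dict[str, List[Countermeasure]] = {
    "ransomware on file server": [
        Countermeasure("offline backups and patching", "preventive", annual_cost=30_000.0, reduction_pct=90.0),
        Countermeasure("incident response retainer", "reactive", annual_cost=10_000.0, reduction_pct=40.0),
        Countermeasure("cyber insurance", "transfer", annual_cost=45_000.0, reduction_pct=90.0),
    ],
}


def run_example() -> Dict[str, Tuple[str, Optional[str]]]:
    """Apply the decision rule to every sample threat, in ranked order."""
    by_name = {t.name: t for t in SAMPLE_THREATS}
    return {name: decide(by_name[name], SAMPLE_OPTIONS.get(name, []), TOLERANCE)
            for name in rank_risks(SAMPLE_THREATS)}


if __name__ == "__main__":
    for name, (action, control) in run_example().items():
        print(f"{name}: {action}" + (f" with {control}" if control else ""))
```

The decision rule deliberately rejects a countermeasure whose residual loss is still above tolerance even when its net benefit is positive (the reactive retainer in the sample), so that a cheap partial fix cannot silently close a risk that management has not accepted; that case is reported as an escalation instead.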