38 Cards in this Set
- Front
- Back
- 3rd side (hint)
* Asset Base |
It is a repository of items identified and labeled for information assurance. |
repository |
|
*Asset Identification |
It establishes an accurate record of the precise form of the items in the information asset base. |
records precise form of the items |
|
**Baseline |
It is a catalogue of recorded information items. |
catalogue |
|
*Baselining |
It is the process of recording an information item in the baseline. |
|
|
**Countermeasure |
It is a control that has been deliberately set to counter an identified threat. |
counter |
|
*Disaster Recovery |
It assures the ability to recover assets after a disaster. |
|
|
*Family Tree |
It is a hierarchical structure of the asset base. |
|
|
**Risk Management |
It maintains the organization’s planned response to all identified threats. |
|
|
*Audit |
It assures the integrity of the security solution |
|
|
*Compliance |
Meeting the standards |
|
|
*Confidentiality |
Keeping practices and procedures between the company and client private (not the same thing as the information security property in subsequent chapters) |
|
|
*Control Objective |
These are focused behaviors with observable outcomes |
|
|
*Corrective Action |
A documented action taken against a perceived risk or threat
|
|
*Cost/Benefit |
Analyses the pros and cons of an action |
|
|
*Countermeasures |
They are steps that will be taken to mitigate a given risk |
|
|
*Estimate of the Consequences |
The harm that a threat would cause if it were realised
|
|
*Follow-up |
It is another audit to confirm compliance |
|
|
**Gaps |
Identified differences between ideal practice and current operation; each gap is a risk
|
|
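The Baseline, Baselining, Audit and Gaps cards above describe one workflow: record the precise form of each item in the asset base, then audit the current state against that record and report the gaps. The Python below is an added example (not part of the original card set) that carries that workflow through on constructed sample assets; the asset names and contents, and the helper names `identify`, `baseline`, `audit` and `compliant`, are assumptions made for illustration, not terms from the page.

```python
import hashlib
import json

# Constructed sample asset base (item name -> content). These items and
# their contents are made up for this example.
ORIGINAL_ASSETS = {
    "policies/access-control.txt": b"All accounts require MFA.\n",
    "config/firewall.rules": b"deny all\nallow tcp 443\n",
    "scripts/backup.sh": b"#!/bin/sh\ntar czf /backup/$(date +%F).tgz /data\n",
}

# Constructed drifted state: one item modified, one missing, one unrecorded.
DRIFTED_ASSETS = {
    "policies/access-control.txt": b"All accounts require MFA.\n",
    "config/firewall.rules": b"allow all\n",
    "scripts/debug.sh": b"#!/bin/sh\nnc -l 4444\n",
}


def identify(name, content):
    """Asset identification: record the precise form of one item.

    The SHA-256 digest is the 'precise form'; a later audit can tell
    whether the item changed without storing the content itself.
    The label is the top-level folder, which gives a simple family tree.
    """
    return {
        "name": name,
        "label": name.split("/")[0],
        "size": len(content),
        "sha256": hashlib.sha256(content).hexdigest(),
    }


def baseline(assets):
    """Baselining: build the catalogue of recorded items."""
    return {name: identify(name, content) for name, content in assets.items()}


def dumps(base):
    """Serialise a baseline so it can be stored and re-audited later."""
    return json.dumps(base, sort_keys=True, indent=2)


def loads(text):
    return json.loads(text)


def audit(base, current_assets):
    """Audit: compare the current state against the baseline.

    Returns the gaps grouped by kind:
      missing    - recorded in the baseline but no longer present
      modified   - present but its recorded form (hash) no longer matches
      unrecorded - present but never baselined (an inventory gap)
    """
    current = baseline(current_assets)
    gaps = {"missing": [], "modified": [], "unrecorded": []}
    for name, record in base.items():
        if name not in current:
            gaps["missing"].append(name)
        elif current[name]["sha256"] != record["sha256"]:
            gaps["modified"].append(name)
    for name in current:
        if name not in base:
            gaps["unrecorded"].append(name)
    return gaps


def compliant(gaps):
    """Compliance: true only when the audit found no gaps of any kind."""
    return not any(gaps.values())


def run_example():
    """Baseline the original assets, audit the drifted state, return gaps."""
    base = loads(dumps(baseline(ORIGINAL_ASSETS)))  # store and reload
    return audit(base, DRIFTED_ASSETS)


if __name__ == "__main__":
    found = run_example()
    for kind, names in found.items():
        print(f"{kind}: {names}")
    print("compliant:", compliant(found))
```

A follow-up audit after corrective action is the same `audit` call run again against the corrected assets; it is compliant only when every list in the returned gaps is empty.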
*Latent Threat |
A possible threat that only becomes active at a later time if one of the conditions changes |
|
|
**Likelihood |
The probability that a risk will materialise (not a certainty; see Probability of Occurrence)
|
|
*Preventive Measures |
The strategy to reduce the likelihood of a risk occurrence |
|
|
*Process Entropy |
It is the natural tendency for any organized system to degrade over time due to the changing conditions |
|
|
*Probability of Occurrence |
A percentage indicating the likelihood of occurrence |
|
|
*Reactive Measures |
The strategy to respond effectively if a risk becomes a direct threat |
|
|
***Risk |
The possibility that a threat will be realised and cause harm
|
|
**Risk Analysis |
The process by which the risk is understood |
|
|
***Risk Assessment |
It is an operational process by which risks are identified and characterized |
|
|
***Risk Estimation |
Determines the probability and impact of threats |
|
|
*Risk Evaluation |
The function used to decide on the nature of emerging threats
|
|
**Risk Management |
It ensures effective and up-to-date alignment between identified threats and the countermeasures deployed to mitigate them |
|
|
***Risk Mitigation |
It determines how the risk will be handled |
|
|
*Risk Tolerance |
It is the minimum level of protection that management can reasonably afford in its day-to-day operations |
|
|
*Risk Transfer |
It specifies how any foreseen impact can be reallocated so that the loss is not permanent or catastrophic |
|
|
*Scope of the Assessment |
It should include the entire set of organizational and technical issues |
|
|
*Standards |
Gap analysis must be based on universal standards such as ISO 27000, NIST, GASSP or COBIT |
|
|
***Threat |
A means by which a known weakness in an organization can be exploited
|
|
***Vulnerability |
A perceived weakness in an organization that can be exploited
|
|
**Weakness |
A part of a system that can be exploited |
|