30 Cards in this Set
- Front
- Back
What are the five different approaches to risk?
|
Avoidance (Don't engage in that activity)
Transference (Share the risk, think insurance)
Mitigation (Take steps to reduce the risk)
Deterrence (Warn of harm to others if they affect you)
Acceptance (Be willing to live with the risks) |
|
What is a:
Recovery Point Objective (RPO) |
Defines the point at which the system needs to be restored.
|
|
Define:
RAID |
Redundant Array of Independent Disks
|
|
What is:
RAID 5 |
Disk striping with parity information spread over all disks.
|
|
What is:
Single Loss Expectancy (SLE) |
How much loss is expected at one time.
|
|
What are the three types of controls that can be administered?
|
Technical
Management
Operational |
|
What is:
Quantitative Loss |
Loss that is cost–based and objective.
|
|
What is:
RAID 3 |
Disk striping with a parity disk.
|
|
What are:
Standards |
Deal with specific issues or aspects of a business, and are derived from a policy. Standards should provide enough detail to audit.
|
|
What is:
RAID 1 |
Disk mirroring
|
|
What is:
Mean Time Between Failures (MTBF) |
The measure of the anticipated incidence of failure for a system or component.
|
|
What is:
Recovery Time Objective (RTO) |
The maximum amount of time that a process or service is allowed to be down and the consequences still be considered acceptable.
|
|
What is:
Qualitative Loss |
Loss that is opinion–based and subjective.
|
|
What is the formula to calculate risk?
|
SLE x ARO = ALE
|
|
What is:
Annual Loss Expectancy (ALE) |
The monetary measure of how much loss you could expect in a year.
|
|
What is:
Mean Time To Resolution (MTTR) |
The measurement of how long it takes to repair a system or component once a failure occurs.
|
|
What is:
Annualized Rate of Occurrence (ARO) |
The likelihood (based on historical data) of an event (x number of times) in a year.
|
|
What is:
RAID 0 |
Disk striping using multiple drives and mapping them together as a single drive.
|
|
What are:
Policies |
Provide the people in an organization with guidance about their expected behavior.
|
|
What are:
Threat Vectors |
The ways in which an attacker poses a threat (e.g. vulnerability scanner, phishing email, unsecured hotspot, etc.)
|
|
What is:
Mean Time To Failure (MTTF) |
The average time for failure for a non–repairable system.
|
|
Define:
BIA |
Business Impact Analysis
|
|
What are:
Guidelines |
Help an organization implement or maintain standards by providing information on how to accomplish the policies and maintain the standards. Guidelines are less formal than policies or standards.
|
|
What is:
Platform as a Service (PaaS) |
Platform as a Service:
Also known as cloud platform services. Vendors allow apps to be created and run on their infrastructure (e.g. Amazon Web Services and Google code). |
|
What is:
Software as a Service (SaaS) |
Is most often thought of by users as "the cloud". Applications are remotely run over the Web (e.g. Salesforce.com).
|
|
What is:
Infrastructure as a Service (IaaS) |
Utilizes virtualization and clients pay an outsourcer for resources.
|
|
What is:
Fault Tolerance |
The ability of a system to sustain operations in the event of component failure.
2 key components:
Spare parts
Electrical power |
|
What is:
Redundancy |
Duplicate or Fail–over
|
|
Define:
AUP |
Acceptable Use Policies
|
|
What is:
High Availability (HA) |
Keep services operational during an outage. 99.999%
|