6 Cards in this Set

Front: Which is the better approach for information assurance posture: top-down or bottom-up?
Back: Top-down is where senior management initiates and fosters the company's security objectives. It is more successful than bottom-up.

Front: List the four main goals of Risk Analysis.
Back:
1) Identify assets and their values.
2) Identify threats.
3) Quantify impact of potential risks.
4) Provide an economic balance between the possible impact of the risk and the cost of the countermeasure.

Front: Define vulnerability, threat, threat agent, and risk.
Back: A vulnerability is a weakness in a mechanism that threatens the confidentiality, integrity, or availability of an asset. The threat is that someone will discover the vulnerability. The threat agent is an entity that would find and use the weakness. The risk is the likelihood of the threat agent finding and carrying out an exploit.

Front: In a quantitative risk analysis, what is the EF, the SLE, the ARO, and the ALE?
Back:
EF = Exposure Factor
SLE = Single Loss Expectancy
ARO = Annualized Rate of Occurrence
ALE = Annualized Loss Expectancy

EF X asset value = SLE

Front: How does one arrive at the value of the Total Risk?
Back:
Threats X vulnerability X asset value = Total Risk

Total Risk X countermeasure = Residual Risk

Front: Who is responsible for data classification? What are these classifications?
Back: Data owners are responsible. Commercial sector uses: Confidential, Private, Sensitive, and Public.
Military uses: Top Secret, Secret, Confidential, Sensitive but Unclassified, Unclassified.