29 Cards in this Set
- Front
- Back
Agreement upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access |
AUP Acceptable use policy
Rules of behavior |
|
Used to identify risks and calculate the expected loss each year |
ALE Annual loss expectancy |
|
How often a threat will occur |
ARO Annualized rate of occurrence |
|
The assessed value of an item associated with cashflow |
AV Asset value |
|
The possible impact if a disruption to a business's vital resources were to occur |
BIA Business impact analysis |
|
An agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses |
BPA Business partners agreement |
|
The potential percentage of loss to an asset if a threat is realized |
EF Exposure factor |
|
An agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnections |
ISA Interconnection security agreement |
|
The maximum period of time that a business process can be down before the survival of the organization is at risk |
MTD Maximum tolerable downtime |
|
Measurement of the anticipated lifetime of a system or component |
MTBF Mean time between failure |
|
Measurement of the average of how long it takes a system or component to fail |
MTTF Mean time to failure |
|
Measurement of how long it takes to repair a system or component once a failure occurs |
MTTR Mean time to restore |
|
A document between 2 or more parties defining their respective responsibilities in accomplishing a particular goal or mission, such as securing a system |
MOU/MOA Memorandum of understanding / Memorandum of agreement |
|
The point of last known good data prior to an outage that is used to recover systems |
RPO Recovery point objective |
|
The maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable |
RTO Recovery time objective |
|
An agreement that specifies performance requirements for a vendor |
SLA Service level agreement |
|
The cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack |
SLE Single loss expectancy |
|
A single weakness that is capable of bringing an entire system down |
SPOF Single point of failure |
|
Risk assessment that is opinion based and subjective |
Qualitative |
|
Risk assessment that is cost based and objective |
Quantitative |
|
Used to determine if a system contains PII or sensitive data |
PTA Privacy threshold assessment |
|
Direct conformance with legal, regulatory, and policy requirements for privacy issues. Identifies the adverse impacts that can be associated with the destruction, corruption, or loss of accountability of data for the organization |
PIA Privacy impact assessment |
|
Monitors the contents of systems to make sure that key content is not deleted or removed |
DLP Data loss prevention |
|
Vendors allow apps to be created and run on their infrastructure |
PaaS Platform as a service |
|
Applications are run remotely over the Web. No local hardware is required, and no software applications need to be installed on the machine accessing the site |
SaaS Software as a service |
|
Utilizes virtualization, and clients pay a cloud service provider for resources used |
IaaS Infrastructure as a service |
|
A legal contract intended to cover confidentiality |
NDA Non-disclosure agreement |
|
The measures, such as redundancy, failover, and mirroring, used to keep services and systems operational during an outage |
HA High availability |
|
Uses multiple disks to provide fault tolerance |
RAID Redundant array of independent disks |