Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CASP+ > 3 - Risk mitigation, strategies, and controls > Flashcards

3 - Risk mitigation, strategies, and controls Flashcards

1
Q

What is the FISMA definition for confidentiality?

A

preserving authorized restriction on access and disclosure, including means for protecting personal privacy and proprietary information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the FISMA definition for integrity?

A

guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the FISMA definition for availability?

A

ensuring timely and reliable access to and user of information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the first step of establishing the aggregate score of CIA?

A

determine the potential impact of each type of risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Impacts are typically categorized from what list-of-values?

A

High, moderate, and low

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Security policies are developed in response to what?

A

a perceived need of guidance due to some driving force, typically form upper management

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

When senior management provides guidance on a specific topic in the form of a policy, the policy is said to be drafted in what fashion?

A

top-down

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A policy is a better candidate for senior executive buy-in when it meet these criteria:

A
  • includes wording presented in a form that makes sense in business terms
  • is clearly aligned with the organization’s overall goals and objectives
  • can be seen to specifically support these goals and objectives
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is the primary objective of policies?

A

to communicate the goals and objectives with respect to some particular aspect of the business

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

The set of required security controls is dependent upon what?

A

the aggregate score of security requirements defined by the security category

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the primary toolset for security practitioners to apply in an effort to meet security requirements?

A

security controls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the challenge for security professionals with regard to security controls?

A

to employ the correct set of security controls to provide the level of protection required

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

In what ways can a security control reduce the risk associated with a threat to the enterprise?

A
  • avoid the impact
  • transfer the impact to another party
  • mitigate the effect of the threat
  • accept the risk
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are threat actors?

A

individuals or groups that are responsible for actions - intentional or accidental - that lead to losses for other individuals or organizations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are threat actors?

A

individuals or groups that are responsible for actions - intentional or accidental - that lead to losses for other individuals or organizations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the two manners of risk analysis?

A

qualitative or quantitative

in most cases, risk management and analysis activities include elements from both quantitative and quantitative models

17
Q

What manner of risk analysis uses experts judgment and experience to assess the elements of occurrence and impact?

A

qualitative

18
Q

To assess risk qualitatively, you must do what?

A

compare the impact of the threat with the probability of occurrence and then assign an impact level and probability level to the risk

19
Q

What manner of risk assessment uses calculation based on historical data associated with risk?

A

quantitative

20
Q

What manner of risk assessment uses calculation based on historical data associated with risk?

A

quantitative

21
Q

What is the primary purpose behind making a risk determination?

A

to provide management with the information needed to make decisions on which threats to address and with what level of resources

22
Q

With regard to a threat, what is the magnitude of impact?

A

a measure of how much damage a particular threat would cause if it manifested itself

23
Q

The challenge of risk management analysis is:

A

the determination of the magnitude of impact

24
Q

What is the likelihood of a threat?

A

a measure of the chance that a threat will actually impact a system

25
Q

An organization’s exposure to natural disasters is affected by the organization’s:

A
  • region
  • proximity to threat source
  • emergency procedures
  • awareness training
  • facility structure
  • time of the year
26
Q

An organization’s exposure to natural disasters is affected by the organization’s:

A
  • region
  • proximity to threat source
  • emergency procedures
  • awareness training
  • facility structure
  • time of the year
27
Q

What does trend analysis involve?

A

performing ongoing research on emerging industry trends to determine the potential and impact of threats that organizations may face

28
Q

What does TCO stand for?

A

total cost of ownership

29
Q

Calculating the TCO of a security product involves what?

A

factoring in all the expected costs over the life cycle of the product

CASP+ (4 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions