5.0 Risk Management Flashcards
An agreement that specifies what type of business partnership two entities will have; often this dictates other considerations, such as interconnection requirements and security.
BPA (Business Partners Agreement)
A contractual agreement, signed by an organization and a third-party provider, that details the level of security, data availability, and other protections afforded the organization's data held by the third party.
SLA (Service Level Agreement)
An agreement between two parties, usually either two businesses or two providers, that specifies the terms of connecting their respective private network infrastructures.
ISA (Interconnection Security Agreement)
A document that defines an agreement between two parties in situations where a legal contract is not necessary or appropriate, such as where both parties work for the same overall organization.
MOU/MOA
A personnel security concept that states a single individual should not perform all critical or privileged-level duties.
Separation of Duties
Organizational policy that describes both acceptable and unacceptable actions when using organizational computing resources, as well as the consequences of unacceptable use.
Acceptable Use Policy
The maximum amount of time that a resource may remain unavailable before an unacceptable impact on other system resources occurs.
RTO (Recovery Time Objective)
The maximum amount of data that can be lost for the organization, after which the business cannot recover or would suffer significant loss.
RPO (Recovery Point Objective)
A numerical value estimate for a piece of hardware or equipment that indicates how much time likely will pass between major failures of that hardware or equipment.
MTBF (Mean Time Between Failures)
A numerical estimate for a piece of hardware or equipment that indicates the likely time between the point a component fails and the time it can be recovered, either through repair or replacement.
MTTR (Mean Time To Recover)
A system component that has no backup, redundancy, or fault tolerance, such that if the component fails, the entire system fails.
SPOF (Single Point of Failure)
Natural disaster outside the control of humans.
Environmental Threat
Any threat that is not environmental.
Manmade
Threat that is generated by internal sources, usually an insider to the organization.
Internal
Threat generated from outside of your infrastructure.
External
The monetary value of any single loss. It is used to measure risk with ALE and ARO in quantitative risk assessment.
SLE x ARO = ____
SLE (Single Loss Expectancy)
The expected loss for a year. It is used to measure risk with ARO and SLE in quantitative risk assessment.
SLE x ARO = _____
ALE (Annual Loss Expectancy)
The number of times a loss is expected to occur in a year. It is used to measure risk with ALE and SLE in a quantitative risk assessment.
ARO (Annualized Rate of Occurrence)
An element of risk assessment. It identifies the value of an asset and can include any product, system, resource, or process. The value can be a specific monetary value or subjective value.
Asset Value
A document listing information about risks. It typically includes risk scores along with recommended security controls to reduce the risk scores.
Risk Register
A risk assessment that uses specific monetary amounts to identify cost and asset value. It then uses SLE and ARO to calculate ALE.
Quantitative Risk Assessment
A risk assessment that uses judgment to categorize risks. It's based on impact and likelihood of occurrence.
Qualitative Risk Assessment
A strategy of dealing with risk in which it is decided the best approach is simply to accept the consequences should the threat happen.
Risk Acceptance
A strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk through insurance, third-party contracts, and/or shared responsibility.
Risk Transference
A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk.
Risk Avoidance
A strategy of dealing with risk in which it is decided that the best approach is to lessen the risk.
Risk Mitigation
The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.
Change Management
The procedures documented in an incident response policy.
Incident Response Plan
A term that refers to the order in which you should collect evidence.
Ex: data in memory is more volatile than data on a disk drive, so it should be collected first.
Order of Volatility
A process that provides assurances that evidence has been controlled and handled properly after collection. Forensic experts establish this when they first collect evidence.
Chain of Custody
A court order to maintain data for evidence.
Legal Hold
A complete backup facility to continue business operations that includes all resources in place (computers, network infrastructure, and current backups), so that operations can commence in hours or even minutes after a disaster occurs.
Hot-site
A site that provides some capabilities in the event of a disaster. The organization that wants to use a warm site will need to install, configure, and re-establish operations on systems that might already exist in the warm site.
Warm-site
A physical site that can be used if the main site is inaccessible (destroyed) but that lacks all of the resources necessary to enable an organization to use it immediately.
Cold-site
A type of backup that includes only new files or files that have changed since the last full backup. Differential backups differ from incremental backups in that they don’t clear the archive bit upon their completion.
Differential Backup
A type of backup that includes only new files or files that have changed since the last full backup and then clears the archive bit upon completion.
Incremental Backup
Image of a virtual machine at a moment in time.
Snapshot
A backup that copies all data to the archive medium.
Full Backup
An exercise that involves individuals sitting around a table with a facilitator discussing situations that could arise and how best to respond to them.
Tabletop Exercise
The process of reconstructing a system or switching over to other systems when a failure is detected.
Failover
Security controls that attempt to discourage individuals from causing a security incident.
Deterrent Control
Security controls that attempt to detect security incidents after they have occurred.
Detective Control
Security control that attempts to prevent a security incident from happening.
Preventative Control
Security controls that attempt to reverse the impact of a security incident.
Corrective Control
Security controls that are alternative controls used when a primary security control is not feasible.
Compensating Control
Controls that rely on technology.
Technical Control
A control implemented through administrative policies or procedures.
Administrative Control
Controls and countermeasures of a tangible nature intended to minimize intrusions.
Physical Control
To burn any flammable data.
Burning
To shred any data.
Shredding
A process that is performed after shredding papers. It reduces the shredded paper to a mash or puree.
Pulping
To completely smash a hard disk.
Pulverizing
Using a powerful electromagnet to wipe the data and make it useless.
Degaussing
A general sanitization term indicating that all sensitive data has been removed from a device.
Purging
The process of completely removing all remnants of data on a disk. A bit-level overwrite writes patterns of 1s and 0s multiple times to ensure data on a disk is unreadable.
Wiping
Information that is unique to an individual and may serve to identify an individual.
Ex: SSNs, Bank Account info, names and addresses, and birthdates.
PII
Specific information related to an individual's healthcare that is protected by law, both as individual data elements and in aggregate.
Ex: medical diagnosis, conditions, or treatment, as well as billing or insurance information.
PHI
A policy stating how long data should be kept (retained).
Data Retention