5.0 Risk Management

Question 1

An agreement that specifies what type of business partnership two entities will have; often this dictates other considerations, such as interconnection requirements and security.

Answer 1

BPA (Business Partners Agreement)

Question 2

A contractual agreement, signed by an organization and a third party provider, that details level of security, data availability, and other protections afforded the organization’s data held by a third party.

Answer 2

SLA (service Level Agreement)

Question 3

An agreement between two parties, usually either two businesses or two providers, that specifies the term of connecting their respective private network infrastructures.

Answer 3

ISA (Interconnection Security Agreement)

Question 4

A document that defines an agreement between two parties in situations where a legal contract is not necessary or appropriate, such as where both parties work for the same overall organization.

Answer 4

MOU/MOA

Question 5

A personal security concept that states a single individual should not perform all critical or privileged level duties.

Answer 5

Separation of Duties

Question 6

Organizational policy that describes both acceptable and unacceptable actions when using organizational computing resources, as well as the consequences of unacceptable use.

Answer 6

Acceptable Use Policy

Question 7

The maximum amount of time that a resource may remain unavailable before unacceptable impact on other system resources occur.

Answer 7

RTO (recovery Time Objective)

Question 8

The maximum amount of data that can be lost for the organization, after which the business cannot recover or would suffer significant loss.

Answer 8

RPO (Recovery Point Objective)

Question 9

A numerical value estimate for a piece of hardware or equipment that indicates how much time likely will pass between major failures of that hardware or equipment.

Answer 9

MTBF (Meantime Between Failure)

Question 10

A numerical estimate for a piece of hardware or equipment that indicates the likely time between the point a component fails and the time it can be recovered, either through repair or replacement.

Answer 10

MTTR (Meantime To Recover)

Question 11

A system component that has no backup, redundancy, or fault tolerance, such that if the component fails, the entire system fails.

Answer 11

SPOF (Single Point of Failure)

Question 12

Natural disaster outside the control of humans.

Answer 12

Environmental Threat

Question 13

Any threat that is not environmental.

Answer 13

Manmade

Question 14

Threat that is generated by internal sources, usually an insider to the organization.

Answer 14

Internal

Question 15

Threat generated from outside of your infrastructure.

Answer 15

external

Question 16

The monetary value of any single loss. It is used to measure risk with ALE and ARO in quantitative risk assessment.

SLE x ARO= ____

Answer 16

SLE (single Loss Expectancy)

Question 17

The expected loss for a year. It is used to measure risk with ARO and SLE in quantitative risk assessment.

SLE x ARO =_____

Answer 17

ALE (Annual Loss Expectancy)

Question 18

The number of times a loss is expected to occur in a year. It is measured with risk using ALS and SLE in a quantitative risk assessment.

Answer 18

ARO (annualized rate of occurrence)

Question 19

An element of risk assessment. It identifies the value of an asset and can include any product, system, resource, or process. The value can be a specific monetary value or subjective value.

Answer 19

Asset Value

Question 20

A document listing information about risks. It typically includes risk scores along with recommended security controls to reduce the risk scores.

Answer 20

Risk Register

Question 21

A risk assessment that uses specific monetary amounts to identify cost and asset value. It then uses SLE and ARO to calculate ALE.

Answer 21

Quantitative Risk Assessment

Question 22

A risk assessment that uses judgment to categorize risks. Its based on impact and likelihood of occurrence.

Answer 22

Qualitive Risk Assessment

Question 23

A strategy of dealing with risk in which it is decided the best approach is simply to accept the consequences should the threat happen.

Answer 23

Risk Acceptance

Question 24

A strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk through insurance, third-party contracts, and/or shared responsibility.

Answer 24

Risk Transference

Question 25

A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk.

Answer 25

Risk Avoidance

Question 26

A strategy of dealing with risk in which it is decided that the best approach is to lessen the risk.

Answer 26

Risk Mitigation

Question 27

The process used to prevent unauthorized changes. Unauthorized changes often result in unintended outages.

Answer 27

Change Management

Question 28

The procedures documented in an incident response policy.

Answer 28

Incident Response Plan

Question 29

A term that refers to the order in which you should collect evidence.
Ex: data in memory is more volatile than data on a disk drive, so it should be collected first.

Answer 29

Order of Volatility

Question 30

A process that provides assurances that evidence has been controlled and handled properly after collection. Forensic experts establish this when they first collect evidence.

Answer 30

Chain of Custody

Question 31

A court order to maintain data for evidence.

Answer 31

Legal Hold

Question 32

A complete backup facility to continue business operations that includes all resources in place, computers, network infrastructure and current backups , so that operations can commence in hours or even minutes after a disaster occurs.

Answer 32

Hot-site

Question 33

A site that provides some capabilities in the event of a disaster. The organization that wants to use a warm site will need to install, configure, and re-establish operations on systems that might already exist in the warm site.

Answer 33

Warm-site

Question 34

A physical site that can be used if the main site is inaccessible (destroyed) but that lacks all of the resources necessary to enable an organization to use it immediately.

Answer 34

Cold-site

Question 35

A type of backup that includes only new files or files that have changed since the last full backup. Differential backups differ from incremental backups in that they don’t clear the archive bit upon their completion.

Answer 35

Differential Backup

Question 36

A type of backup that includes only new files or files that have changed since the last full backup and then clears the archive bit upon completion.

Answer 36

Incremental Backup

Question 37

Image of a virtual machine at a moment in time.

Answer 37

Snapshot

Question 38

A backup that copies all data to the archive medium.

Answer 38

Full Backup

Question 39

An exercise that involves individuals sitting around a table with a facilitator discussing situations that could arise and how best to respond to them.

Answer 39

Tabletop Exercise

Question 40

The process of reconstructing a system or switching over to other systems when a failure is detected.

Answer 40

Failover

Question 41

Security controls that attempt to discourage individuals from causing from causing a security incident.

Answer 41

Deterrent Control

Question 42

Security controls that attempt to detect security incidents after they have occurred.

Answer 42

Detective Control

Question 43

Security control that attempts to prevent a security incident from happening.

Answer 43

Preventative Control

Question 44

Security controls that attempts to reverse the impact of a security incident.

Answer 44

Corrective Control

Question 45

Security controls that are alternative controls used when a primary security control is not feasible.

Answer 45

Compensating Control

Question 46

Controls that rely on technology.

Answer 46

Technical Control

Question 47

A control implemented through administrative policies or procedures.

Answer 47

Administrative Control

Question 48

Controls and countermeasures of a tangible nature intended to minimize intrusions.

Answer 48

Physical Control

Question 49

To burn any flammable data

Answer 49

Burning

Question 50

To shred any data.

Answer 50

Shredding

Question 51

a process that is performed after shredding papers. It reduces the shredded paper to a mash or puree.

Answer 51

Pulping

Question 52

To completely smash a Hard Disk.

Answer 52

Pulverizing

Question 53

Using a powerful electromagnet to wipe the data and make it useless.

Answer 53

Degaussing

Question 54

A general sanitization term indicating that all sensitive data has been removed from a device.

Answer 54

Purging

Question 55

The process of completely removing a;; remnants of data on a disk. A bit-level overwrite writes patterns of 1s and 0s multiple times to ensure data on a disk is unreadable.

Answer 55

Wiping

Question 56

Information that is unique to an individual and may serve to identify an individual.
Ex: SSNs, Bank Account info, names and addresses, and birthdates.

Answer 56

PII

Question 57

Specific information related to an individual s healthcare that is protected by law both as an individual data elements and in aggregate.
Ex: medical diagnosis, conditions, or treatment, as well as billing or insurance information.

Answer 57

PHI

Question 58

A policy stating how long data should be kept (retained).

Answer 58

Data Retention