Applicable Types of Controls and Control Categories Flashcards
What is the primary focus of asset protection activities?
To demonstrate the value or contribution of information assets to the organization
This includes files, databases, or knowledge banks that are often central to risk management discussions.
How can the value of an asset be estimated?
Through various calculation methods used in the risk management decision process
This value is crucial for determining the organization’s risk management strategies.
What does an outcomes-based viewpoint in risk management identify?
Important goals or objectives linked to core business processes
Outcomes can include metrics such as goods sold or timely flights.
What are safety-critical activities often focused on in risk management?
Process-based risk management and mitigation outcomes
These activities ensure that organizational processes operate within safety constraints.
What does the vulnerability-based perspective in risk management focus on?
Identified opportunities for systems to be exploited by attackers
This perspective aims to manage risk by addressing these vulnerabilities.
What is the focus of the threat-based perspective in risk management?
Human actors with deliberate intentions to harm or disrupt information systems
This perspective emphasizes managing risks posed by potential attackers.
How do the four perspectives of risk management operate?
All four can operate simultaneously as front lines of defense against cyber attackers
These perspectives include asset-based, outcomes-based, vulnerability-based, and threat-based views.
What is a common issue faced by small and medium-sized businesses regarding information security?
They often do little to no security planning or management
They are encouraged to implement basic cyber hygiene measures.
What is the challenge with commonly accepted definitions of cyber hygiene measures?
There is no widely accepted definition for what hygiene measures should be or how to assess their effectiveness
This complicates the implementation and monitoring of these measures.
What actions do larger organizations take regarding risk management?
They engage in activities across all four perspectives of risk management
This includes staying current on threats and managing vulnerabilities actively.
What do threat intelligence activities aim to achieve?
To stay current on evolving threats and vulnerabilities
These activities involve collaboration with law enforcement and the information security community.
What does continuous process maturation and improvement focus on?
The overall benefit and financial or mission terms of important business processes
This relates processes to their most important goals and objectives.
What role do assets and asset valuation play in organizations?
They are central to budgeting, resource allocation, and planning
Understanding asset value helps in making informed risk management decisions.
Fill in the blank: The four perspectives of risk management include asset-based, outcomes-based, ________, and threat-based.
vulnerability-based
