CASP Flashcards
What is ISO 31000
A risk management framework.
What type of risk can you not eliminate?
Residual risk
What is residual risk?
Risk you cannot eliminate.
What are two ways to measure risk?
Qualitative and quantitative.
Which risk response is also included when risk mitigation is performed?
Acceptance
What describes the probability of a threat being realized?
Likelihood
What describes the amount of loss during a one-year timespan?
ALE
What is risk appetite?
An assessment of what level of residual risk is tolerable.
What describes the amount of residual risk that is tolerable to the organization?
Risk appetite.
What are the core functions of the NIST CSF?
NIST Cybersecurity Framework
Identify
Protect
Detect
Respond
Recover
What are the required steps of the NIST RMF?
NIST Risk Management Framework Steps:
Prepare
Categorize
Select
Implement
Assess
Authorize
Monitor
What are the steps of the risk management life cycle?
Risk Management Lifecycle:
Identify
Assess
Control
Review
What is risk tolerance?
The thresholds that separate different levels of risk.
Identify a popular risk framework.
NIST 800-37
COBIT
COSO
ISO 31000
What phase of the risk management life cycle identifies effective means by which identified risks can be reduced?
Control
What phase of the risk management life cycle identifies risk items?
Identify
What phase of the risk management life cycle determines associated risk levels?
Assess
What phase of the risk management life cycle determines if a risk level has changed?
Review
What should include detailed descriptions of the necessary steps to complete a task?
Process
What function of NIST CSF defines capabilities needed for the timely discovery of security incidents?
Detect
What’s a formal mechanism for measuring performance of a program against desired goals?
KPI
What program demonstrates a cloud service provider's adherence to security?
CSA STAR
Cloud Security Alliance, Security Trust and Risk
What standards were established by the AICPA to evaluate controls designed to protect technology and finance?
SOC
What is the cybersecurity standard developed by the DoD?
CMMC
Cybersecurity Maturity Model Certification