Chapter 1: Concepts in Security Risk Management Flashcards

1
Q

What does ESRM stand for?

A

Enterprise Security Risk Management

2
Q

What does ERM stand for?

A

Enterprise Risk Management

3
Q

What is ESRM?

A

A strategic approach to security management that ties an organization's security practice to its overall strategy using globally accepted and established risk management principles.

4
Q

Under ESRM, who makes decisions about accepting risk to assets?

A

The Asset owner

5
Q

What are the three primary components of ESRM?

A
  1. The context of ESRM
  2. The foundation of ESRM
  3. The ESRM cycle

6
Q

When adopting ESRM what must a security professional understand about an organization’s strategy?

A

The organization's mission and vision.

7
Q

What should the security practitioner have a clear understanding of when adopting the ESRM?

A
  1. The services and products of the organization
  2. Key staff and leadership
  3. Legal requirements and regulations

7
Q

What does an organization's operating environment consist of?

A

The physical, nonphysical, and logical environments.

8
Q

What does the physical environment include?

A
  1. Type of location
  2. Building and surroundings
  3. Pedestrian/vehicle traffic
  4. Non-employee access required
  5. Industrial control systems
  6. Criticality and sensitivity of processes and assets on site
  7. Products on hand or warehoused

9
Q

What does the nonphysical environment include?

A
  1. Geopolitical environment
  2. External pressures on the industry
  3. Legal/regulatory/compliance requirements
  4. Intensity of competition
  5. Growth mode of the organization
  6. Speed required for decision making
  7. Impact of technology
  8. Impact of ongoing change, including changes in leadership

10
Q

What does the logical environment include?

A
  1. Digital assets
  2. Servers
  3. Workstations
  4. Network infrastructure
  5. Connectivity, along with other endpoints and devices

11
Q

What is a stakeholder?

A

Anyone who directly interfaces with the organization.

12
Q

Who are the primary individuals that security professionals will interact with?

A

Asset owners

13
Q

What are the four processes the ESRM cycle includes?

A
  1. Identify and prioritize assets
  2. Identify and prioritize risks
  3. Mitigate prioritized risks
  4. Continuous improvement

14
Q

What is asset prioritization based on?

A

Each asset's criticality to the organization's mission and overall strategy.

15
Q

What is an Asset owner?

A

The person most directly responsible for successful operation of the asset.

16
Q

According to ESRM who is the risk owner?

A

The Asset owner.

17
Q

What is risk prioritization based on?

A

Each risk's potential to undermine the organization's ability to execute its mission and overall strategy.

18
Q

How are prioritized risks mitigated?

A

In order of priority, using security controls recommended by the security professional and approved by the asset owner.

19
Q

What are the four foundations of ESRM?

A

  1. Holistic risk management
  2. Partnership with stakeholders
  3. Transparency
  4. Governance

20
Q

Under ESRM who participates in the risk management process?

A

All stakeholders

21
Q

Under ESRM, what are security professionals encouraged to do in regard to stakeholders

A

Identify, engage, and align with stakeholders

22
Q

What is risk transparency?

A

When the security professional represents risks in a clear, open, and honest way.

23
Q

What is process transparency?

A

Security professionals ensuring that asset owners and stakeholders understand the organization's risk management process.

24
Q

What is organizational governance?

A

The system by which an organization is directed and controlled.

25
Q

What does organizational governance typically address?

A
  1. The role of top executives and the board of directors
  2. The need for audit and oversight
  3. The rights and responsibilities of stakeholders
  4. Procedures for decision making

26
Q

What is ESRM governance?

A

The process of setting enterprise security risk policy and direction, allocating resources, and ensuring compliance.

27
Q

What are policies?

A

High-level statements of corporate strategy and direction; they are considered the laws of the organization.

28
Q

What are standards?

A

Tactical descriptions of how policy expectations are to be met.

29
Q

What are guidelines?

A

Similar to standards in that they describe how to meet policy expectations, but less rigid than standards.

30
Q

What are procedures?

A

Step-by-step instructions for adhering to the governance documents above (policies, standards, and guidelines).