Chapter 15 - Risk Mitigation

Question 1

Threat assessment

Answer 1

Determining what threats an enterprise may be facing.

Question 2

Supply chain assessment

Answer 2

Determining the risk to a supply chain network that moves a product from the supplier to the customer.

Question 3

Security control

Answer 3

Any device or process that is used to reduce risk.

Question 4

Deterrent control

Answer 4

A control that attempts to discourage security violations before they occur.

Question 5

Preventive control

Answer 5

A control that attempts to prevent the threat from coming in and reaching contact with the vulnerability.

Question 6

Physical control

Answer 6

A control that implements security in a defined structure and location.

Question 7

Detective control

Answer 7

A control that is designed to identify any threat that has reached the system.

Question 8

Compensating control

Answer 8

A control that provides an alternative to normal controls that for some reason cannot be used.

Question 9

Corrective control

Answer 9

Controls that are intended to mitigate or lessen the damage caused by an incident.

Question 10

Security policy

Answer 10

A written document that states how an organization plans to protect the company’s information technology assets.

Question 11

Acceptable use policy (AUP)

Answer 11

A policy that defines the actions users may perform while accessing systems and networking equipment.

Question 12

Personal email policy

Answer 12

A policy that covers using company email to send personal email messages, acceding personal email at a place of employment, and forwarding company emails to a personal email account.

Question 13

Social media policy

Answer 13

A policy that outlines acceptable employee use of social media.

Question 14

Service level agreement (SLA)

Answer 14

A contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service.

Question 15

Blanket purchase agreement (BPA)

Answer 15

A prearranged purchase or sale agreement between a government agency and a business.

Question 16

Memorandum of understanding (MOU)

Answer 16

An agreement between two or more parties to enable them to work together that is not legally enforceable but is more formal than an unwritten agreement.

Question 17

Interconnection security agreement (ISA)

Answer 17

An agreement between parties intended to minimize security risks for data transmitted across a network.

Question 18

Non-disclosure agreement (NDA)

Answer 18

A legal contract between parties that specifies how confidential material will be shared between the parties but restricted to others.

Question 19

Background check

Answer 19

Authenticating the information supplied to a potential employer by a job applicant in the applicants resume, application, and interviews.

Question 20

Exit interview

Answer 20

A “wrap-up” meeting between management representatives and the person leaving an organization.