Chapter 15 - Risk Mitigation Flashcards
Threat assessment
Determining what threats an enterprise may be facing.
Supply chain assessment
Determining the risk to a supply chain network that moves a product from the supplier to the customer.
Security control
Any device or process that is used to reduce risk.
Deterrent control
A control that attempts to discourage security violations before they occur.
Preventive control
A control that attempts to stop a threat before it reaches and exploits a vulnerability.
Physical control
A control that implements security through a defined physical structure or location (for example, a locked server room).
Detective control
A control that is designed to identify any threat that has reached the system.
Compensating control
A control that provides an alternative to normal controls that for some reason cannot be used.
Corrective control
A control that is intended to mitigate or lessen the damage caused by an incident after it has occurred.
Security policy
A written document that states how an organization plans to protect the company’s information technology assets.
Acceptable use policy (AUP)
A policy that defines the actions users may perform while accessing systems and networking equipment.
Personal email policy
A policy that covers using company email to send personal messages, accessing personal email at the workplace, and forwarding company emails to a personal email account.
Social media policy
A policy that outlines acceptable employee use of social media.
Service level agreement (SLA)
A contract between a vendor and a client that specifies what services will be provided, the responsibilities of each party, and any guarantees of service.
Blanket purchase agreement (BPA)
A prearranged purchase or sale agreement between a government agency and a business.