Chapter 2 Flashcards
SECURITY’S PRIMARY OBJECTIVE IS TO?
MANAGE RISKS BY BALANCING THE COST OF PROTECTION MEASURES TO THE BENEFIT OF THOSE MEASURES
THERE ARE SIX STEPS IN THE RISK ASSESSMENT PROCESS, NAME THEM
- IDENTIFY AND VALUE ASSETS
- IDENTIFY THREATS
- DETERMINE THE VULNERABILITIES
- IMPACT OF A LOSS EVENT
- ANALYSIS AND PRIORITIZATION
- MITIGATION BASELINE APPROACH
ASSETS CAN BE CATEGORIZED INTO THREE CATEGORIES, NAME THEM
- TANGIBLE
- INTANGIBLE
- MIXED
ASSETS CAN BE VALUED USING TWO METHODS, NAME THEM
- RELATIVE VALUE
- COST OF LOSS FORMULA
THREATS CAN BE CHARACTERIZED AS (3 THINGS)
- NATURAL
- INTENTIONAL
- INADVERTENT
WHAT IS A VULNERABILITY?
IT’S A GAP OR WEAKNESS THAT ALLOWS A THREAT TO COMPROMISE AN ASSET OR FUNCTION
WHICH ALLOWS THE ORGANIZATION SOME LEVEL OF CONTROL, A THREAT OR VULNERABILITY?
VULNERABILITY
IMPACT IS USUALLY MEASURED IN?
FINANCIAL TERMS
ANALYZING RISK CAN BE ACHIEVED IN 2 STEPS?
- CALCULATION OF IMPACT
- PRIORITIZING THE IDENTIFIED RISKS
ONE APPROACH TO DETERMINING RISK RESULTS USES A BASIC RISK FORMULA, WHAT IS IT?
(THREAT X VULNERABILITY X IMPACT)^(1/3) = RISK
DETERMINING MITIGATION MEASURES CAN BE DONE USING 4 STEPS
- SELECT
- TEST
- IMPLEMENT
- TRAIN
WHAT’S THE DIFFERENCE BETWEEN QUALITATIVE AND QUANTITATIVE ASSESSMENTS?
QUALITATIVE USES A GENERAL RANGE
QUANTITATIVE USES SPECIFIC NUMERICAL VALUES
WHAT ARE THE 5 METHODS OF ADDRESSING RISK
- RISK AVOIDANCE
- RISK SPREADING
- RISK TRANSFER
- RISK REDUCTION
- COMBINATION OF ANY OR ALL
WHAT IS A SECURITY SURVEY?
IT’S A THOROUGH EXAM OF A FACILITY, ITS OPERATIONS, SYSTEMS, AND PROCEDURES
A COST BENEFIT ANALYSIS TYPICALLY CONSISTS OF 3 FACTORS
- COST
- RELIABILITY
- DELAY