Chapter 2 Flashcards

1
Q

SECURITY’S PRIMARY OBJECTIVE IS TO?

A

MANAGE RISKS BY BALANCING THE COST OF PROTECTION MEASURES TO THE BENEFIT OF THOSE MEASURES

2
Q

THERE ARE SIX STEPS IN THE RISK ASSESSMENT PROCESS, NAME THEM

A
  1. IDENTIFY AND VALUE ASSETS
  2. IDENTIFY THREATS
  3. DETERMINE THE VULNERABILITIES
  4. IMPACT OF A LOSS EVENT
  5. ANALYSIS AND PRIORITIZATION
  6. MITIGATION BASELINE APPROACH
3
Q

ASSETS CAN BE CATEGORIZED INTO THREE CATEGORIES, NAME THEM

A
  1. TANGIBLE
  2. INTANGIBLE
  3. MIXED
4
Q

ASSETS CAN BE VALUED USING TWO METHODS NAME THEM

A
  1. RELATIVE VALUE
  2. COST OF LOSS FORMULA

5
Q

THREATS CAN BE CHARACTERIZED AS (3 THINGS)

A
  1. NATURAL
  2. INTENTIONAL
  3. INADVERTENT
6
Q

WHAT IS A VULNERABILITY?

A

IT’S A GAP OR WEAKNESS THAT ALLOWS A THREAT TO COMPROMISE AN ASSET OR FUNCTION

7
Q

WHICH ALLOWS THE ORGANIZATION SOME LEVEL OF CONTROL, A THREAT OR VULNERABILITY?

A

VULNERABILITY

8
Q

IMPACT IS USUALLY MEASURED IN?

A

FINANCIAL TERMS

9
Q

ANALYZING RISK CAN BE ACHIEVED IN 2 STEPS?

A
  1. CALCULATION OF IMPACT
  2. PRIORITIZING THE IDENTIFIED RISKS

10
Q

ONE APPROACH TO DETERMINING RISK RESULTS USES A BASIC RISK FORMULA. WHAT IS IT?

A

(THREAT X VULNERABILITY X IMPACT)^(1/3) = RISK

11
Q

DETERMINING MITIGATION MEASURES CAN BE DONE USING 4 STEPS

A
  1. SELECT
  2. TEST
  3. IMPLEMENT
  4. TRAIN
12
Q

WHAT’S THE DIFFERENCE BETWEEN QUALITATIVE AND QUANTITATIVE ASSESSMENTS?

A

QUALITATIVE USES A GENERAL RANGE

QUANTITATIVE USES SPECIFIC NUMERICAL VALUES

13
Q

WHAT ARE THE 5 METHODS OF ADDRESSING RISK

A
  1. RISK AVOIDANCE
  2. RISK SPREADING
  3. RISK TRANSFER
  4. RISK REDUCTION
  5. COMBINATION OF ANY OR ALL
14
Q

WHAT IS A SECURITY SURVEY?

A

IT’S A THOROUGH EXAM OF A FACILITY, ITS OPERATIONS, SYSTEMS, AND PROCEDURES

15
Q

A COST BENEFIT ANALYSIS TYPICALLY CONSISTS OF 3 FACTORS

A
  1. COST
  2. RELIABILITY
  3. DELAY
16
Q

WHAT ARE THREE SURVEY APPROACHES

A
  1. OUTSIDE-IN
  2. INSIDE-OUT
  3. FUNCTIONAL
17
Q

A SWOT ANALYSIS FOCUSES ON WHAT 4 THINGS

A
  1. STRENGTHS
  2. WEAKNESSES
  3. OPPORTUNITIES
  4. THREATS
18
Q

WHAT ARE 5 CRITERIA OF A SECURITY REPORT?

A
  1. ACCURATE
  2. CLARITY
  3. CONCISE
  4. TIMELINESS
  5. CONSIDER SLANT OR PITCH
19
Q

WHAT ARE 4 THINGS THAT AUTOMATED TOOLS ARE GOOD AT?

A

PROCESSING, ANALYZING, COMPARING, STORING LARGE AMOUNTS OF DATA

20
Q

WHAT IS 1 THING THAT AN AUTOMATED TOOL IS NOT GOOD AT?

A

ASSESSING THE INTANGIBLE FACTORS IN THE ASSESSMENT PROCESS