Chapter 2: Asset Security

Question 1

What is UBA ?

Answer 1

User Behavior Analytics

Question 2

What is UEBA ?

Answer 2

User and Entity Behavior Analytics

Question 3

What’s a VMS ?

Answer 3

Vendor Management System

Question 4

What is Compliance ?

Answer 4

The act of confirming to or adhering to rules, policies, regulations, standards or requirements.

Question 5

What is PCI DSS ?

Answer 5

Payment Card Industry Data Security Standard

Question 6

What is HIPAA ?

Answer 6

Health Insurance Portability and Accountability Act

Question 7

What does SOX stands for?

Answer 7

Sarbanes-Oxley Act of 2002

Question 8

What does GDPR stand for?

Answer 8

General Data Protection Regulation

Question 9

What is the goal of Risk Management?

Answer 9

Reduce Risk to an acceptable level.

Question 10

Define Asset

Answer 10

Anything used in a business process or task.

Question 11

What is AV ?

Answer 11

Asset Value

Question 12

Define Threat

Answer 12

Any potential occurrence that may cause an undesirable or unwanted outcome for an organization or specific asset.

Question 13

What is EF ?

Answer 13

Exposure Factor

Question 14

Formula - - Risk = ??

Answer 14

Threat * Vulnerability

Question 15

What is covered by NIST 800-30r1 Appendices D & E ?

Answer 15

Threat Sources & Threat Events

Question 16

What kind of risk analysis assigns intangible values to the loss of an asset?

Answer 16

Qualitative Risk Analysis

Question 17

Name some techniques for Qualitative Risk Analysis.

Answer 17

Brainstorming, Storyboarding, Focus Group, Survey, Checklist, Questionnaire, Interviews, Mtgs, Scenarios, Delphi Technique

Question 18

What is the Delphi Technique ?

Answer 18

Using a series of rounds of questionnaires to gather data from experts.

Question 19

What are the formulae to calculate before examining counter-measures in Quantitative Risk Analysis?

Answer 19

AV * EF = SLE
SLE * ARO = ALE