Chapter 2 Personnel Security and Risk Management Concepts Flashcards

1
Q

________ is the collection of practices related to supporting, defining, and
directing the security efforts of an organization.

A

Security governance

2
Q

Any potential occurrence that may cause an undesirable or unwanted outcome
for an organization or for a specific asset

Threats
Vulnerability
Exposure
Risk
Attack
Breach
A

Threats

3
Q

The weakness in an asset or the absence or the weakness of a safeguard or
countermeasure

Threats
Vulnerability
Exposure
Risk
Attack
Breach
A

Vulnerability

4
Q

being susceptible to asset loss

Threats
Vulnerability
Exposure
Risk
Attack
Breach
A

Exposure

5
Q

possibility or likelihood that a threat will exploit a vulnerability to cause
harm to an asset

Threats
Vulnerability
Exposure
Risk
Attack
Breach
A

Risk

6
Q

any intentional attempt to exploit a vulnerability of an organization’s security
infrastructure to cause damage, loss, or disclosure of assets.

Threats
Vulnerability
Exposure
Risk
Attack
Breach
A

Attack

7
Q

the occurrence of a security mechanism being bypassed or thwarted by a threat agent.

Threats
Vulnerability
Exposure
Risk
Attack
Breach
penetration
A

Breach

8
Q

the percentage of loss that an organization would experience if a specific asset were violated by a realized risk.

Exposure Factor
Single Loss Expectancy
Annualized Rate of Occurrence
Annualized Loss Expectancy

A

Exposure Factor

9
Q

the cost associated with a single realized risk against a specific asset. It indicates the exact amount of loss an organization would experience if an asset were harmed by a specific threat occurring.

Exposure Factor
Single Loss Expectancy
Annualized Rate of Occurrence
Annualized Loss Expectancy

A

Single Loss Expectancy

10
Q

the expected frequency with which a specific threat or risk will occur (that is, become realized) within a single year.

Exposure Factor
Single Loss Expectancy
Annualized Rate of Occurrence
Annualized Loss Expectancy

A

Annualized Rate of Occurrence

11
Q

the possible yearly cost of all instances of a specific realized threat against a specific asset.

Exposure Factor
Single Loss Expectancy
Annualized Rate of Occurrence
Annualized Loss Expectancy

A

Annualized Loss Expectancy

12
Q

Security controls, countermeasures, and safeguards can be implemented ______, _______, and __________.

A

administratively, logically/technically, or physically

13
Q

AV * EF =

ARO
SLE
ALE

A

SLE

14
Q

SLE * ARO =

ARO
SLE
ALE

A

ALE

15
Q

threats * vulnerabilities * asset value =

A

total risk

16
Q

total risk – controls gap =

A

residual risk

17
Q

Which step of the RMF is described as “information system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the information system and the decision that this risk is acceptable”?

A

Authorize

18
Q

Which step of the RMF is described as “the security controls and describe how the controls are employed within the information system and its environment of operation”?

A

Implement

19
Q

Which step of the RMF is described as “the information system and the information processed, stored, and transmitted by that system based on an impact analysis”?

A

Categorize

20
Q

Which step of the RMF is described as “the security controls in the information system on an ongoing basis including assessing control effectiveness, documenting changes to the system or its environment of operation, conducting security impact analyses of the associated changes, and reporting the security state of the system to designated organizational officials”?

A

Monitor

21
Q

Which step of the RMF is described as “information system operation based on a determination of the risk to organizational operations and assets, individuals, other organizations, and the Nation resulting from the operation of the information system and the decision that this risk is acceptable”?

A

Authorize

22
Q

Which step of the RMF is described as “an initial set of baseline security controls for the information system based on the security categorization; tailoring and supplementing the security control baseline as needed based on an organizational assessment of risk and local conditions”?

A

Select

23
Q

The six major elements of quantitative risk analysis

A
  1. Inventory assets, and assign a value (asset value, or AV). (Asset value is detailed further in a later section of this chapter named “Asset Valuation.”)
  2. Research each asset, and produce a list of all possible threats of each individual asset. For each listed threat, calculate the exposure factor (EF) and single loss expectancy (SLE).
  3. Perform a threat analysis to calculate the likelihood of each threat being realized within a single year—that is, the annualized rate of occurrence (ARO).
  4. Derive the overall loss potential per threat by calculating the annualized loss expectancy (ALE).
  5. Research countermeasures for each threat, and then calculate the changes to ARO and ALE based on an applied countermeasure.
  6. Perform a cost/benefit analysis of each countermeasure for each threat for each asset. Select the most appropriate response to each threat.

24
Q

Calculating Safeguard Cost/Benefit

A

ALE before safeguard – ALE after implementing the safeguard – annual cost of safeguard (ACS) = value of the safeguard to the company

25
Q

Which step of the RMF is described below:

“information system operation based on a determination of the risk
to organizational operations and assets, individuals, other organizations, and
the Nation resulting from the operation of the information system and the
decision that this risk is acceptable.”

Categorize
Select
Implement
Assess
Authorize
Monitor
A

Authorize

26
Q

Which step of the RMF is described below:

“the security controls using appropriate assessment procedures to
determine the extent to which the controls are implemented correctly,
operating as intended, and producing the desired outcome with respect to
meeting the security requirements for the system.”

Categorize
Select
Implement
Assess
Authorize
Monitor
A

Assess

27
Q

Which step of the RMF is described below:

“the information system and the information processed, stored, and transmitted by that system based on an impact analysis.”

Categorize
Select
Implement
Assess
Authorize
Monitor
A

Categorize

28
Q

Which step of the RMF is described below:

“the security controls and describe how the controls are employed within the information system and its environment of operation.”

Categorize
Select
Implement
Assess
Authorize
Monitor
A

Implement

29
Q

Which step of the RMF is described below:

“an initial set of baseline security controls for the information system based on
the security categorization; tailoring and supplementing the security control baseline
as needed based on an organizational assessment of risk and local conditions.”

Categorize
Select
Implement
Assess
Authorize
Monitor
A

Select

30
Q

Which step of the RMF is described below:

“the security controls in the information system on an ongoing basis including assessing control effectiveness, documenting changes to the
system or its environment of operation, conducting security impact analyses
of the associated changes, and reporting the security state of the system to
designated organizational officials.”

Categorize
Select
Implement
Assess
Authorize
Monitor
A

Monitor

31
Q

_______ is a more detailed endeavor in which students/users learn much more than they actually need to know to perform their work tasks.

Awareness
Training
Education

A

Education

32
Q

__________ establishes a common baseline or foundation of security understanding across the entire organization and focuses on key or basic topics and issues related to security that all employees must understand and comprehend.

Awareness
Training
Education

A

Awareness

33
Q

_______ is teaching employees to perform their work tasks and to comply with the security policy.

Awareness
Training
Education

A

Training