Chapter 2 - Risk Flashcards

1
Q

Privacy Addressed?

A

Must be addressed when allowing or restricting personal email use, retaining email, recording phone conversations, gathering info about surfing or spending habits, etc.

2
Q

Risk Analysis

A

○ Asset - anything to be protected, anything used in business process or task
○ Asset Valuation - $ amount assigned to asset based on actual cost and nonmonetary expenses
○ Threats - any potential occurrence that may cause an undesirable or unwanted outcome for an org or for a specific asset
○ Vulnerability - weakness in an asset or absence or weakness of safeguard
○ Exposure - being susceptible to asset loss because of a threat
○ Risk - possibility or likelihood that a threat will exploit a vuln to cause harm to an asset.
○ Safeguards/Countermeasure - anything that removes or reduces a vuln or protects against one or more threats.
○ Attack - exploitation of a vuln by a threat agent
○ Breach - security mechanism bypassed or thwarted by threat agent

3
Q

Controls Gap

A

Difference between risk and residual risk.

Amount of risk reduced by implementing safeguards

4
Q

Risk Mgmt Framework

A
  • Categorize - Information systems
  • Select - Security controls
  • Implement - Security controls
  • Assess - Security controls
  • Authorize - Information system
  • Monitor - Security controls