Chapter 8 Flashcards
Using Risk Management Tools
Threat
Any circumstance or event that has the potential to compromise confidentiality, integrity, or availability
Compare with risk and vulnerability
Malicious Human threats
Filler
Accidental Human Threats
Filler
Environmental Threats
Filler
Threat Assessment
An evaluation of potential threats
Some common types of threat assessments are environmental, man-made, internal, and external
Environmental
Filler
Manmade
Filler
Internal
Filler
External
Filler
Vulnerability
A weakness
It can be a weakness in the hardware, the software, the configuration, or even the users operating the system
Compare with Risk and Threat
Risk Management
The practice of identifying, monitoring, and limiting risks to a manageable level
It includes risk response techniques, qualitative risk assessments, and quantitative risk assessments
Risk Response Techniques
Methods used to manage risks
Common risk response techniques are accept, transfer, avoid, and mitigate
Risk Assessment
A process used to identify and prioritize risks
It includes quantitative risk assessments and qualitative risk assessments
Asset Value
An element of a risk assessment
It identifies the value of an asset and can include any product, system, resource, or process
The value can be a specific monetary value or a subjective value
Quantitative Risk Assessment
A risk assessment that uses specific monetary amounts to identify cost and asset value
It then uses the SLE and ARO to calculate the ALE
SLE
Single loss expectancy
The monetary value of any single loss
It is used to measure risk with ALE and ARO in a quantitative risk assessment
The calculation is SLE x ARO = ALE
ARO
Annual (or annualized) rate of occurrence
The number of times a loss is expected to occur in a year
It is used to measure risk with ALE and SLE in a quantitative risk assessment
ALE
Annual (or annualized) loss expectancy
The expected loss for a year
It is used to measure risk with ARO and SLE in a quantitative risk assessment
The calculation is SLE x ARO = ALE
Qualitative Risk Assessment
A risk assessment that uses judgement to categorize risks
It is based on impact and likelihood of occurrence
Likelihood of Occurrence
The probability that something will occur
It is used with impact in a qualitative risk assessment
Compare with Impact
Impact
The magnitude of harm related to a risk
It is the negative result of an event, such as the loss of confidentiality, integrity, or availability of a system or data
Compare with likelihood of occurrence
Web Server
Filler
Library Computer
Filler
Risk Register
A document listing information about risks
It typically includes risk scores along with recommended security controls to reduce the risk scores
Supply Chain Assessment
An evaluation of the supply chain needed to produce and sell a product
It includes raw materials and all the processes required to create and distribute a finished product
Password Cracker
A tool used to discover passwords
Network Scanner
A tool used to discover devices on a network, including their IP addresses and operating systems, along with the services and protocols running on those devices
Ping Scan
Filler
ARP Ping Scan
Filler
SYN Stealth Scan
Filler