Chapter 8 - Using Risk Management Tools Flashcards
What are inherent risks?
Inherent risks are risks that exist before controls are put in place.
What are residual risks?
Residual risks are risks that exist after the controls are put in place.
What are control risks?
Control risks are risks that require additional controls to be implemented because the current controls do not adequately address the risk.
What is a risk avoidance management strategy?
The risk avoidance strategy mitigates risk by avoiding the activity or action that causes the risk in the first place.
What is a risk mitigation management strategy?
The risk mitigation strategy mitigates risk by implementing controls that reduce risk, either by reducing vulnerabilities or by reducing the impact of a threat.
What is a risk transference management strategy?
The risk transference strategy mitigates risk by transferring it to another entity, such as an insurance company (for example, cybersecurity insurance covering data loss or network damage).
What are risk control assessments?
Risk control assessments aim to assess controls and their ability to adequately address a risk. This is normally done by a third party.
What is a risk control self-assessment?
A risk control self-assessment is the same as a risk control assessment except that it is performed internally by employees. This can pose a conflict of interest if the same employee who installed the control is asked to assess it.
What is SLE and how is it calculated?
Single loss expectancy is the cost of any single loss.
SLE = ALE/ARO
Single Loss Expectancy = Annual Loss Expectancy / Annual Rate of Occurrence
What is ARO and how is it calculated?
Annual Rate of Occurrence is how often a loss occurs in a year. Note that if the ARO is less than 1, it is expressed as a fraction (the ARO is 0.5 if a loss occurs once every 2 years).
ARO = ALE / SLE
What is ALE and how is it calculated?
Annual Loss Expectancy is the amount that can be expected to be lost in a year.
ALE = SLE * ARO
What is a risk register?
A risk register is a living document that lists all known risks for a system or an organization. It is typically presented as a table or a log.
What is a risk matrix?
A risk matrix is a chart or graphical representation of risk. A risk heat map is the same, except that it uses colors to represent risk levels.
What are the two types of reports that threat feeds use?
Structured Threat Information eXpression (STIX)
Unstructured Reports (white papers, Word documents, PDFs)
What is TTP?
Tactics, Techniques, and Procedures refer to an attacker’s method when exploiting a target.
Tactics: High-level descriptions of behavior
Techniques: A more detailed description of behavior in the context of the tactics.
Procedures: An even more granular description of behavior in the context of the techniques.
</gml_replace>
<gr_replace lines="42-43" cat="clarify" orig="What is ARP">
What is an ARP ping scan?
An ARP ping is used in network scans; if a host responds to the ARP ping, it is known that a host is available at that IP address.
What is intelligence fusion?
Intelligence fusion is the combining of internal intelligence data (logs, historical data), and external data (threat feed, OSINT) to create a picture of likely threats and the risk they pose.
What is ARP ping scan?
ARP ping is used in network scans, if a host responds to the ARP ping it is then known that a host is available at the IP address.
What is a SYN stealth scan?
A SYN stealth scan sends a SYN packet to a range of IP addresses on a network. Any host that responds to this initial SYN packet is known to be available at that IP address. Instead of completing the TCP three-way handshake, the scan ends it with a RST (reset) packet.
Why would you run a port scan?
Port scans are run to identify which ports are open, which hints at the protocols running on the machine.
For example, if port 21 is open, the machine may be a file server (FTP) that allows unencrypted traffic.
Why use a service scan?
A service scan is used to verify what protocol or service is actually running on the system.
After running a port scan, you would then run a service scan to verify the service running on each open port.
What is TCP/IP fingerprinting?
TCP/IP fingerprinting, also known as OS detection, is used to identify the operating system running on a machine. This is done by analyzing packets from an IP address.