Chapter 9 Flashcards

1
Q

What is Risk Management?

A

Discovering and assessing risks and how to mitigate them

2
Q

What are the 4 key things to understand about a risk?

A

-What is it?
-How bad is it?
-Should we treat it?
-How to treat it?

3
Q

What are the Risk Management Framework and the Risk Management Process? (!!)

A

Risk Management Framework: The overall structure for the planning and design of RM in the organization.

Risk Management Process: The implementation of RM, which happens in the “implementation” phase of the framework.

4
Q

Name the 5 stages of the RM Framework: (!!)

A

1- Executive governance and support: acknowledgement and approval by senior management to proceed.

2- Design: designing and selecting an RM program.

3- Implementation: implementing the RM process.

4- Monitoring and review: monitoring the RM process cycle.

5- Improvement.

5
Q

What is a “Gap Analysis”?

A

A comparison between the current and the expected outcome of the program.

6
Q

Name the 6 phases in the RM Process: (!!)

A

1- Establishing the context: understanding the environment and the process handed down by the framework team.

2- Identifying the risk: includes self-examination, then listing the threats and assets.

3- Analyzing the risk: assigning risk scores and understanding the impact of an attack.

4- Evaluating the risk: deciding whether the risk should be treated.
If the risk is acceptable, the process ends. If not, the next phase proceeds.

5- Treating the risk: protecting assets by modifying the protection methods, or with the help of third parties.

6- Summary of findings.

7
Q

How is self-examination of assets done? (3 steps)

A

1- Identify assets: using the asset inventory to assemble the different components/assets.

2- Classify and categorize into groups: categorizing based on sensitivity and security needs, using “relative values”.

3- Prioritize: rank/order assets using a weighted table analysis.

8
Q

What is an information asset?

A

Any asset that processes or collects valuable information.

9
Q

What is an Asset Inventory?

A

It is where organizations keep track of their different assets/components.

10
Q

List 3 potential attributes to track an information asset:

A

- Name
- IP Address
- MAC Address

11
Q

What is a relative value?

A

They are comparative judgements used to decide which assets have higher priority, such as:
- Which asset generates the most income?
- Which asset is the most expensive?
etc.

12
Q

How many general categories of threats/risks are there in InfoSec?

A

12

13
Q

What is the goal of risk assessment?

A

Getting a risk score for a vulnerability of an asset.
