Chpt 2

Question 1

What is the equation for ALE?

Answer 1

ALE = Annual Loss Expectancy
ALE= SLE x ARO

Question 2

What is the equation for safeguard evaluation?

Answer 2

Safeguard Evaluation = ALE before safeguard - ALE after safeguard - annual cost of safeguard.

(ALE1 - ALE2) - ACS = safeguard evaluation.

Question 3

What are the 6 administrative control types?

Answer 3

1. Preventative
2. Detective
3. Corrective
4. Deterrent
5. Recovery
6. Directive

Question 4

What is the difference between training and education?

Answer 4

Training is basic for every employee to comply with standards in security policy.

Education is more detailed and above and beyond what they need to know. Usually for advancement or promotion.

Question 5

What are the six steps of management framework?

Answer 5

CSIAAM

1. Categorize
2. Select
3. Implement
4. Assess
5. Authorize
6. Monitor

Question 6

How do you calculate SLE?

Answer 6

SLE = AV x EF

SLE = assets value * exposure factor

Question 7

Define overall risk management

Answer 7

The process of identifying factors that could damage or disclose data.

Question 8

What is it called when there is an absence or weakness of a safeguard or countermeasure?

Answer 8

A vulnerability

Question 9

What is it called when there are accidental or intentional exploitation’s of vulnerabilities?

Answer 9

Threat events

Question 10

What is it called when there is a logical and practical investigation of buisness processes and organizational policies?

Answer 10

Documentation review

Question 11

What is the primary focus of the exit interview?

Answer 11

To go over the NDA.

Question 12

What is the first step in hiring new employees?

Answer 12

Creating a job description.

Question 13

When working on a quantitative risk analysis, adjusting a countermeasure changes what factor?

Answer 13

ARO