CIS4360 Chapter 14 Flashcards

1
Q

IT Security

A

A process used to ensure and maintain appropriate levels of Confidentiality, Integrity and Availability of the resources within a System

2
Q

Name Three Fundamental Questions IT Security strives to answer.

A

What assets do we need to protect?
How are those assets threatened?
What can we do to counter those threats?

3
Q

List the steps used to address the three fundamental questions.

A

Determine security objectives and risk
Perform risk assessment
Select suitable controls, plans and procedures

4
Q

List the Key National and International standards that govern IT Security

A

ISO and NIST

5
Q

List the four steps in the iterative security management process.

A

Plan, Do, Check, Act

6
Q

Plan

A

Establish security policy, objectives, processes and procedures.

Perform risk assessment
Develop risk treatment plan

7
Q

Do

A

Implement the risk treatment plan

8
Q

Check

A

Monitor the risk treatment plan

9
Q

Act

A

Maintain and improve the information security risk management process. Respond to incidents

10
Q

List four processes for identifying IT risks

A

Baseline Approach
Informal Approach
Detailed risk analysis
Combined Approach

11
Q

What is the ISO 13335 recommended approach to identifying IT risks?

A

Combined Approach

12
Q

What are the steps in detailed risk analysis?

A

Prepare for assessment
Identify threat sources
Identify vulnerabilities and predisposing conditions
Determine likelihood of occurrence
Determine magnitude of impact
Determine risk
13
Q

Asset

A

A system resource of value to its owner, requiring protection

14
Q

Threat

A

A source with the potential to exploit a vulnerability in an asset that could compromise security

15
Q

Vulnerability

A

A flaw or weakness in an asset or its management that could be exploited by a threat.

16
Q

Risk

A

The potential for loss, determined by the likelihood that such an event would occur and the magnitude of the damage caused in the event that it does occur.