Domain 1 Flashcards
What is a Threat
Potentially harmful occurrence
What is a vulnerability
Weakness that allows a threat to cause harm
Formula for Risk
Risk = threat x vulnerability
What is impact
Severity of the damage
How to calculate ALE (Annualized Loss Expectancy)
Single Loss Expectancy x Annual Rate of Occurrence
Quantitative Risk
Uses hard metrics, such as dollars (quantity)
Which NIST publication covers Risk Management
NIST SP 800-30
What is Policy
High-level management directive; mandatory
Components of a Policy
Purpose, scope, responsibilities, and compliance
Which NIST publication covers policy types
NIST SP 800-12
Three types of Policy
Program, issue-specific, and system-specific
Procedure
Step-by-step guide
Standard
Describes the specific use of a technology; mandatory
Guidelines
Recommendations (discretionary)
Baseline
Minimum security (discretionary)
Senior Management
Ensuring organization assets are protected
Data Owner
Determines data sensitivity labels, performs management duties
Data Custodian
Data backup, restoration, patches, configuring anti-virus
HIPAA
Health Insurance Portability and Accountability Act
SOX (Sarbanes-Oxley)
Protects publicly traded data
GLBA (Gramm-Leach-Bliley Act)
Protects financial information
What is OCTAVE
Describes a 3-phase process for managing risk
OCTAVE Phase 1
Identify staff knowledge, assets, and threats
OCTAVE Phase 2
Identify vulnerabilities and evaluate safeguards