Domain 1 Flashcards

1
Q

What is a Threat

A

potentially harmful occurrence

2
Q

What is a vulnerability

A

weakness that allows a threat to cause harm

3
Q

Formula for Risk

A

Risk = threat x vulnerability

4
Q

What is impact

A

severity of the damage

5
Q

How to calculate ALE (Annualized Loss Expectancy)

A

Single Loss Expectancy x Annual Rate of Occurrence

6
Q

Quantitative Risk

A

uses hard metrics, such as dollars (quantity)

7
Q

What is the NIST for Risk Management

A

800-30

8
Q

What is Policy

A

High-level management directive; also mandatory

9
Q

Components of a Policy

A

Purpose, scope, responsibilities and compliance

10
Q

NIST for Policy type

A

800-12

11
Q

Three types of Policy

A

Program, issue-specific and system-specific

12
Q

Procedure

A

step-by-step guide

13
Q

Standard

A

describes specific use of technology; mandatory

14
Q

Guidelines

A

recommendations (discretionary)

15
Q

Baseline

A

minimum security (discretionary)

16
Q

Senior Management

A

ensuring organizational assets are protected

17
Q

Data Owner

A

Determine data sensitivity labels, perform management duties

18
Q

Data Custodian

A

data backup, restoration, patches, config anti-virus

19
Q

HIPAA

A

Health Insurance

20
Q

SOX (Sarbanes-Oxley)

A

Protects publicly traded data

21
Q

GLBA (Gramm-Leach-Bliley Act)

A

Protects financial information

22
Q

What is OCTAVE

A

describes a 3-phase process for managing risk

23
Q

Octave Phase 1

A

ID staff knowledge, assets and threats

24
Q

Octave Phase 2

A

ID vulnerabilities and evaluate safeguards

25
Q

Octave Phase 3

A

Risk analysis and mitigation strategies

26
Q

ISO 17799 was renumbered to

A

ISO 27002 in 2005

27
Q

ISO 27002 describes what?

A

information security best practices

28
Q

ISO 27001 describes what?

A

process for auditing those best practices of 27002

29
Q

What is COBIT?

A

control framework; provides management with a governance model

30
Q

COBIT has how many processes

A

34 IT processes

31
Q

ITIL (Information Tech Infrastructure Library)

A

framework for providing best services in IT Service Management (ITSM)