General Flashcards
What are two ways to measure risk?
Quantitative and Qualitative
Which risk response is also included when risk mitigation is performed?
Acceptance (mitigation reduces risk but never eliminates it; the residual risk that remains after controls are applied is accepted)
This describes the probability of a threat being realized.
Likelihood
This describes the expected monetary loss from a given risk over a one-year period.
Annualized Loss Expectancy (ALE), calculated as Single Loss Expectancy (SLE) multiplied by the Annualized Rate of Occurrence (ARO)
This phase of the risk management life cycle identifies effective means by which identified risks can be reduced.
Control
A ____________ should include detailed, step-by-step descriptions of the actions required to successfully complete a task.
Procedure (a process is the broader set of activities; the procedure is the document that spells out its steps)
This function of the NIST CSF defines capabilities needed for the timely discovery of security incidents.
Detect
A measurable value used to track the performance of a program against its defined goals.
Key Performance Indicator (KPI)
Which cloud service model leaves the customer with the smallest share of responsibility under the shared responsibility model?
SaaS (the customer remains responsible for its data, user accounts, and access configuration; IaaS places the most responsibility on the customer)
This describes when a customer is completely dependent on a vendor for products or services.
Vendor lock-in
This describes when a copy of vendor-developed source code is held by a trusted third party and released to the customer under defined conditions, such as the vendor going out of business.
Source code escrow
This describes all of the suppliers, vendors, and partners needed to deliver a final product.
The Supply Chain
A set of cybersecurity standards developed by the United States Department of Defense (DoD) to verify that contractors in the DoD supply chain adequately protect sensitive unclassified information.
Cybersecurity Maturity Model Certification (CMMC)
True or False. The use of cloud service providers always reduces risk.
False (a provider takes on some operational risk, but the customer retains accountability for its data and configuration and adds vendor, concentration, and jurisdiction risk)
Which type of data can be used to identify an individual and includes information about that person's past, present, or future health, treatment, or payment for care?
Protected Health Information (PHI), as defined under HIPAA
Which type of data describes intangible products of human thought and ingenuity?
Intellectual Property (IP)
Which data destruction method sanitizes encrypted data by destroying the cryptographic key needed to decrypt it, rather than overwriting the data itself?
Crypto erase (effective only if all of the data was encrypted before disposal and every copy of the key, including backups and escrowed copies, is destroyed)
Which concept identifies that the laws governing the country in which data is stored have control over the data?
Data sovereignty
A non-regulatory agency of the United States Department of Commerce that publishes measurement standards, best practices, and cybersecurity guidance such as the Cybersecurity Framework and the SP 800 series.
NIST (National Institute of Standards and Technology)
What regulation imposes data protection rules on organizations that offer goods or services to individuals in the European Union (EU), or that monitor or process personal data of people located there, regardless of where the organization is based?
GDPR (General Data Protection Regulation)
Which U.S. federal law is designed to protect the online privacy of children under the age of 13?
COPPA (Children's Online Privacy Protection Act)
Which process is designed to provide assurance that information systems comply with federal standards before they are authorized to operate?
Certification and Accreditation (C&A), now referred to as Assessment and Authorization under the NIST Risk Management Framework
This describes the identification of applicable laws depending on the location of the organization, data, or customer/subject.
Jurisdiction
What concept is often linked to the "prudent man rule", which asks whether a reasonable person in the same position would have taken the same precautions?
Due care