General Security Concepts 1.1 Flashcards

1
Q

A statement of desired results or purpose to be achieved by implementing a control or set of controls

A

Control Objective

2
Q

The design and implementation of multiple overlapping layers of diverse controls

A

Defense-in-depth (layered security)

3
Q

Eliminating unnecessary baseline recommendations that are not applicable

A

Scoping

4
Q

Customizing baseline recommendations to align with organizational requirements

A

Tailoring

5
Q

Substituting a recommended baseline control with a similar control

A

Compensating

6
Q

Augmenting (adding to) the baseline recommendation

A

Supplementing

7
Q

Control baseline should be proportionate to the criticality and sensitivity classifications of the asset being protected

A

Principle of Proportionality

8
Q

Process of comparing the estimated costs and benefits to determine whether it makes sense to proceed from a business perspective

A

Cost-Benefit

9
Q

When the cost and benefit are about the same, a return on investment (ROI) analysis is needed to determine whether the cost is justified

A

Analysis

10
Q

Tactics, mechanisms, or strategies that proactively minimize risk in one or more of the following ways:
- reduces or eliminates a vulnerability
- reduces or eliminates the likelihood that a threat actor will be able to exploit a vulnerability
- reduces or eliminates the impact of an exploit

A

Controls

11
Q

A measure of confidence that intended security controls are effective in their application

A

Assurance

12
Q

How well a control works.
Reflects the control's consistent, complete, reliable, and timely operation.

A

Effectiveness

13
Q

What a control does

A

Functionality

14
Q

Controls implemented to address a specific threat

A

Countermeasure

15
Q

Serves as a starting point and should be strategically aligned with the needs of the organization

A

Control Baseline
