IS3110 CHAP 1 Flashcards

1
Q

Which of the following properly defines risk?

  1. Threat x Mitigation
  2. Vulnerability x Controls
  3. Controls - Residual Risk
  4. Threat x Vulnerability
A

Threat x Vulnerability

2
Q

Which of the following properly defines total risk?

  1. Threat - Mitigation
  2. Threat x Vulnerability x Asset Value
  3. Vulnerability - Controls
  4. Vulnerability x Controls
A

Threat x Vulnerability x Asset Value

3
Q

You can completely eliminate risk in an IT environment.

TRUE OR FALSE

A

FALSE

4
Q

Which of the following are accurate pairings of threat categories? (Select Two)

  1. External and Internal
  2. Natural and supernatural
  3. Intentional and accidental
  4. Computer and user
A

External and Internal
AND
Intentional and accidental

5
Q

A loss of client confidence or public trust is an example of loss of ___.

A

Intangible value

6
Q

A ___ is used to reduce a vulnerability.

A

RISK MANAGEMENT PLAN

7
Q

As long as a company is profitable, it does not need to consider survivability.

TRUE OR FALSE

A

FALSE

8
Q

What is the primary goal of an information security program?

  1. Eliminate losses related to employee actions
  2. Eliminate losses related to risk
  3. Reduce losses related to residual risk
  4. Reduce losses related to loss of confidentiality, integrity, and availability
A

Reduce losses related to loss of confidentiality, integrity, and availability

9
Q

The ___ is an industry-recognized standard list of common vulnerabilities.

A

CVE

10
Q

Which of the following is a goal of risk management?

  1. Identify the correct cost balance between risk and controls
  2. Eliminate risk by implementing controls
  3. Eliminate the loss associated with risk
  4. Calculate value associated with residual risk
A

Identify the correct cost balance between risk and controls

11
Q

If the benefits outweigh the cost, a control is implemented. Costs and benefits are identified by completing a ___.

A

COST BENEFIT ANALYSIS

12
Q

A company decides to reduce losses of a threat by purchasing insurance. This is known as risk ___.

A

Transfer

13
Q

What can you do to manage risk? (Select three)

  1. Accept
  2. Transfer
  3. Avoid
  4. Migrate
A

Accept
Transfer
Avoid

14
Q

You have applied controls to minimize risk in the environment. What is the remaining risk called?

  1. Remaining Risk
  2. Mitigated risk
  3. Managed Risk
  4. Residual Risk
A

Residual Risk

15
Q

Who is ultimately responsible for losses resulting from residual risk?

  1. End users
  2. Technical staff
  3. Senior Management
  4. Security personnel
A

Senior Management

16
Q

A technique used to manage risk.
When the cost to reduce the risk is greater than the potential loss, the risk is accepted.
A risk is also accepted if management considers the risk necessary and tolerable for the business.

A

ACCEPT

17
Q

Ensuring that data or a service is available when needed. Data and services are protected using fault tolerance and redundancy techniques.

A

AVAILABILITY

18
Q

A technique used to manage risk.
A risk can be avoided by eliminating the source of the risk or eliminating the exposure of assets to the risk.
A company can either stop the risk activity or move the asset.

A

AVOID

19
Q

Database of vulnerabilities maintained by the MITRE Corporation.
MITRE works in conjunction with the US Dept of Homeland Security.

A

CVE

20
Q

Protecting data from unauthorized disclosure. Data is protected using access controls and encryption technologies.

A

CONFIDENTIALITY

21
Q

An action or change put in place to reduce a weakness or potential loss. A control is also referred to as a countermeasure.

A

CONTROL

22
Q

A process used to determine how to manage a risk.
If the benefits of a control outweigh the costs, the control can be implemented to reduce the risk. If the costs are greater than the benefits, the risk can be accepted.

A

COST-BENEFIT ANALYSIS (CBA)

23
Q

The amount of the loss resulting from a threat exploiting a vulnerability. The loss can be expressed in monetary terms or a relative value. The impact identifies the severity of the loss. Impact is derived from the opinions of experts.

A

IMPACT

24
Q

Value that isn’t directly related to the actual cost of a physical asset. Intangibles can include future lost revenue, client confidence, and customer influence.

A

INTANGIBLE VALUE

25
Q

Ensuring data or IT systems are not modified or destroyed. Hashing is often used to ensure integrity.

A

INTEGRITY

26
Q

One of the techniques used to manage risk. Mitigation is also known as risk reduction. Vulnerabilities are reduced by implementing controls or countermeasures.

A

MITIGATE

27
Q

The ability of a company to make a profit.

It is calculated as revenues minus costs. Risk management considers both profitability and survivability.

A

PROFITABILITY

28
Q

A judgement test that a company can apply to determine if the risk should be managed. If a reasonable person would expect the risk to be managed, it should be managed.

A

REASONABLENESS

29
Q

The risk that remains after controls have been applied. This is also referred to as acceptable risk.

A

RESIDUAL RISK

30
Q

A process used to identify and evaluate risks based on an analysis of threats and vulnerabilities to assets. Risks are quantified based on their importance or impact severity. These risks are then prioritized.

A

RISK ASSESSMENT

31
Q

The practice of identifying, assessing, controlling, and mitigating risks. Techniques to manage risk include avoiding, transferring, mitigating, and accepting the risk.

A

RISK MANAGEMENT

32
Q

The ability of a company to survive loss due to a risk. Some losses can be so severe they will cause the business to fail if not managed.

A

SURVIVABILITY

33
Q

The actual cost of an asset.

A

TANGIBLE VALUE

34
Q

Any activity that represents a possible danger. This includes any circumstances or events with the potential to adversely impact confidentiality, integrity, or availability of a business’s assets.

A

THREAT

35
Q

The amount of risk when the affected asset value is known. It is often expressed as:
Threat x Vulnerability x asset value = ___

A

TOTAL RISK

36
Q

One of the techniques used to manage risk. The risk is transferred by shifting responsibility to another party. This can be done by purchasing insurance or outsourcing the activity.

A

TRANSFER

37
Q

A weakness or exposure to a threat.

The weakness can be a weakness in an asset or in the environment. It can be mitigated with a control.

A

VULNERABILITY