Mitigating Vulnerabilities Flashcards
Vulnerabilities must be prioritized and remediated
Remediation and Mitigation
Remediation
There is no countermeasure put into place because the level of risk is low enough or the risk doesn’t justify the cost to mitigate the associated risk
Risk Acceptance
Settings for services and policy configuration for a server operating in a particular application role
Configuration Baselines
A not-for-profit organization that publishes the well-known “Top 20 Critical Security Controls”
Center for Internet Security (CIS)
A type of security control that acts as a substitute for a principal control
Compensating Control
System Hardening
Identifying, testing, and deploying OS and application updates
Patch Management
Legacy System
A system owned by its developer or vendor where lack of vendor support may be an inhibitor to remediation
Proprietary System
A system by which an organization makes and implements decisions in pursuit of its objectives
Organizational Governance
A period of time when an organization’s way of doing operations is interrupted
Business Process Interruption
A period of time when an organization’s systems are not performing at peak functionality, which could lead to business process interruption
Degrading Functionality
Usually a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve the exchange of money
Memorandum of Understanding (MOU)
A contractual agreement setting out the detailed terms under which an ongoing service is provided
Service Level Agreement (SLA)