Module 2 Flashcards

1
Q

An asset

A

Anything of value that is owned by an organization. It is something in need of protection.

2
Q

A vulnerability

A

Weakness in an information system, system security procedures, internal controls or implementation that could be exploited by a threat source.

3
Q

A threat

A

Any circumstance or event with the potential to adversely impact organizational operations.
Something or someone that aims to exploit a vulnerability to thwart protection efforts.

4
Q

Risk assessment

A

Is defined as the process of identifying, estimating and prioritizing risks to an organization’s operations (including its mission, functions, image and reputation), assets, individuals, other organizations and even the nation.

5
Q

Risk treatment

A

Relates to making decisions about the best actions to take regarding the identified and prioritized risk.

6
Q

The four options commonly used to respond to risk are:
1. Acceptance

A

Risk acceptance is taking no action to reduce the likelihood of a risk occurring.

7
Q

2. Transfer

A

Risk transference is the practice of passing the risk to another party, who will accept the financial impact of the harm resulting from a risk being realized in exchange for payment.

8
Q

3. Mitigation

A

Risk mitigation is the most common type of risk management and includes taking actions to prevent or reduce the possibility of a risk event or its impact.
Mitigation can involve remediation measures, or controls, such as security controls, establishing policies, procedures and standards to minimize adverse risk.

9
Q

4. Avoidance

A

Risk avoidance is the decision to attempt to eliminate the risk entirely. This could include ceasing operation for some or all of the activities of the organization that are exposed to particular risk.

10
Q

Qualitative Risk analysis

A

A method for risk analysis that is based on the assignment of a descriptor such as low, medium or high.

11
Q

Quantitative risk analysis

A

A method for risk analysis where numerical values are assigned to both impact and likelihood based on statistical probabilities and monetarized valuation of loss or gain.

12
Q

Risk Tolerance

A

The level of risk an entity is willing to assume in order to achieve a potential desired result.
