Module 2 Flashcards
What is risk?
Risk: A measure of the extent to which an entity is threatened by a potential circumstance or event, and typically a function of: (i) the adverse impacts that would arise if the circumstance
or event occurs; and (ii) the likelihood of occurrence.
What is residual risk?
Residual risk: portion of risk remaining after security measures have been applied
What are the NIST CSF functions and their descriptions?
NIST Cybersecurity Framework (CSF) core functions and descriptions (the CSF calls these Functions, not phases; Govern was added in CSF 2.0):
● Govern: Establishes and monitors the organization's cybersecurity risk management strategy, expectations, and policy. Covers people, process, and technology: roles,
responsibilities, policies, procedures, and oversight
● Identify: Asset management, business environment, governance, risk assessment,
risk management strategy
● Protect: Access control, awareness training, data security, information protection
processes and procedures, maintenance, protective technology
● Detect: Anomalies and events, security continuous monitoring, detection processes
● Respond: Response planning, communications, analysis, mitigation, improvements
● Recover: Recovery planning, improvements, communications
What does govern mean?
Govern: Establishes and monitors the organization's cybersecurity risk management strategy, expectations, and policy. Covers people, process, and technology: roles,
responsibilities, policies, procedures, and oversight
What does identify mean?
Identify: Asset management, business environment, governance, risk assessment,
risk management strategy
What does protect mean?
Protect: Access control, awareness training, data security, information protection
processes and procedures, maintenance, protective technology
What does detect mean?
Detect: Anomalies and events, security continuous monitoring, detection processes
What does respond mean?
Respond: Response planning, communications, analysis, mitigation, improvements
What does recover mean?
Recover: Recovery planning, improvements, communications
What is risk framing?
Risk framing: The set of assumptions, constraints, risk tolerances, and
priorities/trade-offs that shape an organization’s approach for managing risk
What does assessing risk mean?
Assessing risk: Identifying threats and vulnerabilities, estimating the likelihood and impact of harm, and prioritizing the resulting risks to organizational assets.
What is responding to risk?
Responding to risk: Organization determines the appropriate approach to
addressing an identified risk.
What is monitoring risk?
Monitoring risk: Tracking risk factors over time, verifying that implemented controls remain effective, and verifying compliance with security requirements.
What is RMF?
RMF (Risk Management Framework, NIST SP 800-37): A structured approach used to oversee and manage risk for an enterprise.
What is an asset?
Asset: An item of value to stakeholders.
An asset may be tangible (e.g., a physical item such as hardware, firmware, computing platform, network device, or other technology component) or intangible (e.g., humans, data, information, software, capability, function, service, trademark, copyright, patent, intellectual property, image, or reputation).
The value of an asset is determined by stakeholders in consideration of loss concerns across
the entire system life cycle. Such concerns include but are not limited to business or
mission concerns.
What is a threat?
Threat: Any circumstance or event with the potential to adversely impact organizational
operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service. Also, the potential for a threat-source to successfully exploit a particular information system vulnerability.
What is a vulnerability?
Vulnerability: Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
What does exploit mean?
Exploit: A program, piece of code, or sequence of inputs that takes advantage of a vulnerability in an application or computer system to cause unintended behavior (code execution, privilege escalation, data disclosure), typically for malicious purposes such as installing malware. An exploit is not malware itself; it is the method an attacker uses to gain the foothold, and the malware (the payload) is what runs afterwards.
What is a rogue access point?
Rogue access point: An access point connected to the organization's network without authorization, whether planted by an attacker or installed by an employee for convenience. Because it bypasses the network's wireless access controls, it gives anyone in radio range a path onto the wired network. An attacker-run AP that only mimics the corporate SSID without a wired connection is usually called an evil twin rather than a rogue AP.
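The definition above turns on two facts: the AP is unauthorized, and it is connected to the network. A wireless scan alone cannot establish the second one, so the practical check correlates what the radio sees with what the switches see. The following Python script is an added example, not part of the original flashcards: it parses a constructed `iw dev wlan0 scan`-style listing and a constructed Cisco-style `show mac address-table` dump (both invented sample data), compares the observed BSSIDs against a hypothetical inventory of authorized APs, and classifies each one as authorized, evil twin (unknown radio advertising the corporate SSID), rogue (unknown radio whose MAC also shows up on a switch port), or neighbor. The rule that an AP's BSSID and its wired MAC share the first five octets and differ only slightly in the last one is a common vendor convention, used here as a labelled heuristic, not a guarantee.

```python
"""Rogue access point check: correlate a Wi-Fi scan with a switch MAC table.

Added example; all sample data below is constructed, not a real capture.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of `iw dev wlan0 scan`, trimmed to the
# fields this check uses.
SCAN_OUTPUT = """\
BSS 00:11:22:33:44:55(on wlan0)
\tsignal: -41.00 dBm
\tSSID: CorpWiFi
BSS 00:11:22:33:44:56(on wlan0)
\tsignal: -55.00 dBm
\tSSID: CorpWiFi
BSS de:ad:be:ef:00:01(on wlan0)
\tsignal: -38.00 dBm
\tSSID: CorpWiFi
BSS aa:bb:cc:dd:ee:f3(on wlan0)
\tsignal: -62.00 dBm
\tSSID: TP-LINK_EEF3
BSS 66:77:88:99:aa:bb(on wlan0)
\tsignal: -78.00 dBm
\tSSID: Coffee Shop
"""

# Constructed sample in the shape of a Cisco `show mac address-table` dump.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
  10    0011.2233.4455    DYNAMIC     Gi1/0/1
  10    0011.2233.4456    DYNAMIC     Gi1/0/2
  20    aabb.ccdd.eef0    DYNAMIC     Gi1/0/17
  20    0050.56ab.cd01    DYNAMIC     Gi1/0/18
"""

# Hypothetical inventory of authorized APs (BSSID -> SSID) and corporate SSIDs.
AUTHORIZED = {"00:11:22:33:44:55": "CorpWiFi", "00:11:22:33:44:56": "CorpWiFi"}
CORPORATE_SSIDS = {"CorpWiFi"}


@dataclass
class Bss:
    bssid: str
    ssid: str
    signal_dbm: Optional[float]


@dataclass
class Finding:
    bssid: str
    ssid: str
    verdict: str                 # authorized | evil_twin | rogue | neighbor
    wired_port: Optional[str] = None


def parse_scan(text: str) -> List[Bss]:
    """Split the scan into per-BSS blocks and pull out BSSID, SSID and signal."""
    found = []
    for block in re.split(r"^(?=BSS )", text, flags=re.M):
        head = re.match(r"BSS ([0-9a-f:]{17})", block)
        if not head:
            continue
        ssid = re.search(r"^\s*SSID: (.*)$", block, re.M)
        sig = re.search(r"^\s*signal: (-?\d+(?:\.\d+)?) dBm", block, re.M)
        found.append(Bss(head.group(1).lower(),
                         ssid.group(1) if ssid else "<hidden>",
                         float(sig.group(1)) if sig else None))
    return found


def parse_mac_table(text: str) -> dict:
    """Parse Cisco dotted MACs (0011.2233.4455) into {'00:11:22:33:44:55': port}."""
    table = {}
    for line in text.splitlines():
        m = re.search(r"([0-9a-f]{4})\.([0-9a-f]{4})\.([0-9a-f]{4})\s+\S+\s+(\S+)", line)
        if m:
            raw = "".join(m.group(1, 2, 3))
            table[":".join(raw[i:i + 2] for i in range(0, 12, 2))] = m.group(4)
    return table


def same_radio(bssid: str, wired_mac: str, slack: int = 8) -> bool:
    """Heuristic (assumption): an AP's BSSIDs are derived from its wired MAC by
    changing only the last octet, so treat a small last-octet delta as a match."""
    if bssid[:14] != wired_mac[:14]:
        return False
    return abs(int(bssid[15:], 16) - int(wired_mac[15:], 16)) <= slack


def audit(scan_text: str, mac_table_text: str, authorized: dict, corporate_ssids: set) -> List[Finding]:
    """Classify every BSS seen over the air; 'rogue' needs a wired-side match."""
    wired = parse_mac_table(mac_table_text)
    findings = []
    for b in parse_scan(scan_text):
        if b.bssid in authorized:
            findings.append(Finding(b.bssid, b.ssid, "authorized"))
            continue
        port = next((p for mac, p in wired.items() if same_radio(b.bssid, mac)), None)
        if port:                              # unknown radio that is on our wire
            findings.append(Finding(b.bssid, b.ssid, "rogue", port))
        elif b.ssid in corporate_ssids:       # spoofs our SSID, no wired evidence
            findings.append(Finding(b.bssid, b.ssid, "evil_twin"))
        else:
            findings.append(Finding(b.bssid, b.ssid, "neighbor"))
    return findings


if __name__ == "__main__":
    for f in audit(SCAN_OUTPUT, MAC_TABLE, AUTHORIZED, CORPORATE_SSIDS):
        print(f"{f.verdict:<10} {f.bssid}  {f.ssid!r}  {f.wired_port or ''}")
```

Only the entry with a wired-side match is reported as a rogue AP (with the switch port to go and unplug), the look-alike "CorpWiFi" radio with no wired evidence is reported as an evil twin, and everything else is noise from neighbors. In practice the authorized list should come from the WLAN controller export and the MAC table from every access switch, not just one.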