Quick Tips 3 Flashcards

1
Q

BLANK can be transferred, avoided, reduced, or accepted.

A

Risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Threats × vulnerability × asset value = BLANK.

A

total risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

(Threats × vulnerability × asset value) × controls gap = BLANK.

A

residual risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

The main goals of BLANK are the following: identify assets and assign values to them, identify vulnerabilities and threats, quantify the impact of potential threats, and provide an economic balance between the impact of the risk and the cost of the safeguards.

A

risk analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

BLANK is a method for determining functions, identifying functional failures, and assessing the causes of failure and their failure effects through a structured process.

A

Failure Modes and Effect Analysis (FMEA)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

A BLANK is a useful approach to detect failures that can take place within complex environments and systems.

A

fault tree analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

A BLANK attempts to assign monetary values to components within the analysis.

A

quantitative risk analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

A purely quantitative risk analysis is not possible because BLANK cannot be quantified with precision.

A

qualitative items

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Capturing the BLANK when carrying out a risk analysis is important, because it indicates the level of confidence the team and management should have in the resulting figures.

A

degree of uncertainty

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

BLANK reduce the amount of manual work involved in the analysis. They can be used to estimate future expected losses and calculate the benefits of different security measures.

A

Automated risk analysis tools

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Single loss expectancy × frequency per year = BLANK.

A

annualized loss expectancy (SLE × ARO = ALE)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

BLANK uses judgment and intuition instead of numbers.

A

Qualitative risk analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

BLANK involves people with the requisite experience and education evaluating threat scenarios and rating the probability, potential loss, and severity of each threat based on their personal experience.

A

Qualitative risk analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The BLANK is a group decision method where each group member can communicate anonymously.

A

Delphi technique

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

When choosing the right safeguard to reduce a specific risk, the cost, functionality, and effectiveness must be evaluated and a BLANK performed.

A

cost/benefit analysis

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

A BLANK is a statement by management dictating the role security plays in the organization.

A

security policy

17
Q

BLANK are detailed step-by-step actions that should be followed to achieve a certain task.

A

Procedures