Quiz: Module 01 Flashcards
The ____ illustrates the most critical characteristics of information and has been the industry standard for computer security since the development of the mainframe.
a. disaster recovery plan
b. C.I.A. triad
c. strategic plan
d. asset classification
C.I.A. triad
____ is an unauthorized entry into the real or virtual property of another party.
a. Trespass
b. Risk
c. An accident
d. A Trojan horse
Trespass
An evaluation of the threats to information assets, including a determination of their likelihood of occurrence and potential impact of an attack, is known as a ____.
a. loss estimate
b. threat assessment
c. threat likelihood
d. threat evaluation
threat assessment
The probability that a specific vulnerability within an organization will be attacked by a threat is known in the risk analysis process as ____.
a. impact
b. opportunity
c. likelihood
d. severity
likelihood
____ of risk is the choice to do nothing to protect an information asset and to accept the outcome of its potential exploitation.
a. Inheritance
b. Acceptance
c. Avoidance
d. Mitigation
Acceptance
____ is a risk treatment strategy that attempts to shift the risk to other assets, other processes, or other organizations.
a. Transference
b. Mitigation x
c. Acceptance x
d. Defense
Risk management is the state of being secure and free from danger or harm.
a. True
b. False
False
A threat is any event or circumstance that has the potential to adversely affect operations and assets.
a. True
b. False
True
An enterprise information security policy (EISP) addresses specific areas of technology and contains a statement on the organization’s position on each specific area.
a. True
b. False
False
An asset can be logical, such as a Web site, information, or data; it can also be physical, such as a person, computer system, or other tangible object.
a. True
b. False
True