R

Question 1

Reciprocal agreement

Answer 1

Emergency processing agreement between two or more enterprises with similar equipment or applications

Question 2

Recovery action

Answer 2

Execution of a response or task according to a written procedure.

Question 3

Recovery point objective (RPO)

Answer 3

Determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data. The RPO effectively quantifies the permissible amount of data loss in case of interruption.

Question 4

Recovery time objective (RTO)

Answer 4

The amount of time allowed for the recovery of a business function or resource after a disaster occurs

Question 5

Red team

Answer 5

A group authorized and organized to emulate bad actors using similar tactics, techniques, and procedures to provide feedback from an offensive perspective. Red teams are typically employed by organizations with larger security teams and differ from penetration testing. While both have a similar goal of improving security, penetration testing mainly focuses on identifying technical vulnerabilities narrowly scoped by rules of engagement, whereas red teaming is more in-depth and often longer duration. Red teaming better assesses
detection and response capabilities largely by leveraging social engineering and exploitation of applications, network services and physical facilities. Red teams are also employed in other fields such as airport security, the military and intelligence agencies.

Question 6

Redundant array of inexpensive disks (RAID)

Answer 6

Provides performance improvements and fault-tolerant capabilities via hardware or software solutions, by writing to a series of multiple disks to improve performance and/or save large files simultaneously.

Question 7

Redundant site

Answer 7

A recovery strategy involving the duplication of key IT components, including data or other key business processes, whereby fast recovery can take place.

Question 8

Request for proposal (RFP)

Answer 8

A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product.

Question 9

Residual risk

Answer 9

The remaining risk after management has implemented a risk response

Question 10

Return on investment (ROI)

Answer 10

A measure of operating performance and efficiency, computed in its simplest form by dividing net income by the total investment over the period being considered

Question 11

Risk acceptance

Answer 11

Decision to accept a risk, made according to the risk appetite and risk tolerance set by senior management where the enterprise can assume the risk and absorb any losses

Question 12

Risk analysis

Answer 12

The initial steps of risk management: analyzing the value of assets to the business, identifying threats to those assets and evaluating how vulnerable each asset is to those threats

Question 13

Risk analysis

Answer 13

A process by which frequency and magnitude of IT risk scenarios are estimated.

Question 14

Risk appetite

Answer 14

The amount of risk, on a broad level, that an entity is willing to accept in pursuit of its mission

Question 15

Risk assessment

Answer 15

A process used to identify and evaluate risk and its potential effects

Question 16

Risk avoidance

Answer 16

The process for systematically avoiding risk, constituting one approach to managing risk

Question 17

Risk mitigation

Answer 17

The management of risk through the use of countermeasures and controls

Question 18

Risk response

Answer 18

Risk avoidance, risk acceptance, risk sharing/transfer, risk mitigation, leading to a situation that as much future residual risk (current risk with the risk response defined and implemented) as possible (usually depending on budgets available) falls within risk appetite limits.

Question 19

Risk tolerance

Answer 19

The acceptable level of variation that
management is willing to allow for any particular risk as the enterprise pursues its objectives

Question 20

Risk transfer

Answer 20

The process of assigning risk to another enterprise, usually through the purchase of an insurance policy or by outsourcing the service

Question 21

Risk

Answer 21

The combination of the likelihood of an event and its impact

Question 22

Robustness

Answer 22

The degree to which a software system or component can function correctly in the presence of invalid inputs or stressful environmental conditions

Question 23

Root cause analysis

Answer 23

A process of diagnosis to establish the origins of events, which can be used for learning from consequences, typically from errors and problems

Question 24

Rootkit

Answer 24

A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system