R-GLOSSARY Flashcards
Reciprocal agreement
Emergency processing agreements among two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.
Recovery action
Execution of a response or task according to a written procedure
Recovery point objective (RPO)
Determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time to which it is acceptable to recover data. It effectively quantifies the permissible amount of data loss in case of interruption.
Recovery time objective (RTO)
The amount of time allowed for the recovery of a business function or resource after a disaster occurs
Redundant Array of Inexpensive Disks (RAID)
Provides performance improvements and fault-tolerant capabilities, via hardware or software solutions, by writing to a series of multiple disks to improve performance and/or save large files simultaneously
Redundant site
A recovery strategy involving the duplication of key information technology components, including data or other key business processes, whereby fast recovery can take place
Request for proposal (RFP)
A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
Residual risk
The remaining risk after management has implemented risk response
Resilience
The ability of a system or network to resist failure or to recover quickly from any disruption, usually with minimal recognizable effect
Return on investment (ROI)
A measure of operating performance and efficiency, computed in its simplest form by dividing net income by the total investment over the period being considered
Return on security investment (ROSI)
An estimate of return on security investment based on how much will be saved by reduced losses divided by the investment
Risk
The combination of the probability of an event and its consequence (ISO/IEC 73). Risk has traditionally been expressed as Threat × Vulnerabilities = Risk.
Risk analysis
The initial steps of risk management: analyzing the value of assets to the business, identifying threats to those assets and evaluating how vulnerable each asset is to those threats. It often involves an evaluation of the probable frequency of a particular event, as well as the probable impact of that event.
Risk appetite
The amount of risk, on a broad level, that an entity is willing to accept in pursuit of its mission
Risk assessment
A process used to identify and evaluate risk and potential effects. Risk assessment includes assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure and evaluating the cost for such controls. Risk analysis often involves an evaluation of the probabilities of a particular event.
Risk avoidance
The process for systematically avoiding risk, constituting one approach to managing risk
Risk mitigation
The management and reduction of risk through the use of countermeasures and controls
Risk tolerance
The acceptable level of variation that management is willing to allow for any particular risk while pursuing its objective
Risk transfer
The process of assigning risk to another organization, usually through the purchase of an insurance policy or outsourcing the service
Robustness
The ability of systems to withstand attack, operate reliably across a wide range of operational conditions and to fail gracefully outside of the operational range
Role-based access control
Assigns users to job functions or titles. Each job function or title defines a specific authorization level.
Root cause analysis
A process of diagnosis to establish origins of events, which can be used for learning from consequences, typically of errors and problems
Rootkit
A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system