Random

Question 1

What costs should be considered in a cost-benefit analysis?

Answer 1

Technology costs,
Opportunity costs,
Process impact costs,
Time costs,
Personnel costs,
Overall capability costs.

Question 2

What is the cost-of-loss formula to calculate an asset value?

Answer 2

K = Cp + Ct + Cr + Ci – I
K = total cost of loss
Cp = cost of permanent replacement
Ct = cost of temporary substitute
Cr = total related costs (remove old asset, install new, etc.)
Ci = lost income cost
I = available insurance or indemnity

Question 3

How is security risk calculated for an individual asset?

Answer 3

Asset value rating X Threat likelihood rating X Severity of incident rating X Vulnerability rating = Security risk rating

Question 4

5 Major Areas in developing a BCP (Businesss Continuity Plan)

Answer 4

Phase 1
Preparedness/Readiness
Prevention
Response
Recovery

Phase 2
Testing, Training, Evaluating, & Maintenance

Question 5

BCP Phase 1-Preparedness/Readines

Answer 5

1. Assign accountability to a single individual
2. Perform risk assessment
3. Perform BIA
4. Agree on strategic plans
5. Form Crisis Managment Team

Question 6

BCP Phase 1-Prevention

Answer 6

1. Compliance w/corporate policy
2. Mitigation strategies
3. Avoidance, deterrence, detection

Question 7

BCP Phase 1-Response

Answer 7

1. Determine if there is a crisis
2. Notify CMT
3. Assess nature of situation
4. Declare crisis
5. Execute BCP
6. Communicate to all appropriate parties
7. Resourece Management

Question 8

BCP Phase 1-Recovery

Answer 8

1. Damage and impact assessment
2. Resumption of critical and remaining processes
3. Return to normal operations

Question 9

BCP Phase 2-Testing, Training, Evaluating, and Maintenance

Answer 9

1. Educating and training on the plan
2. Testing the BCP

Question 10

What four criteria can be used to rank assets based on criticality?

Answer 10

Workforce- # and type of workforce located onsite
Service delivery - % of overall service delivery that the asset is responsible for
Dependencies - importance of the asset to other assets
Mission/objectives - overall importance of the asset to the business mission or objective

Question 11

What are the technical criteria of the Security Metrics Evaluation Tool (Security MET)?

Answer 11

Reliability,
Validity,
Generalizability.

Question 12

What are the operational criteria of the Security Metrics Evaluation Tool (Security MET)?

Answer 12

Cost,
Timeliness,
Manipulation.

Question 13

What are the strategic criteria of the Security Metrics Evaluation Tool (Security MET)?

Answer 13

ROI,
Organizational relevance,
Communications.

Question 14

What are the evaluation criteria for the Security Metrics Evaluation Tool (Security MET).

Answer 14

Technical criteria,
Operational criteria,
Strategic criteria.

Question 15

How is risk calculated?

Answer 15

Risk = (Threat x Vulnerability x Impact) / 3

Question 16

What are the two foundational design principles?

Answer 16

The Four Ds and Layered security (aka Defense in Depth)

Question 17

What equation is used for calculating risk when developing a design?

Answer 17

Risk = Vulnerability x Threat x Asset Value