Risk

Question 1

What is Risk?

Answer 1

Possibility of a threat exploiting a vulnerability

Question 2

What is technical control?

Answer 2

Technology security i.e 802.11i

Question 3

What is management control?

Answer 3

Risk/vulnerability assessment
Written security policy
Mandatory vacation

Question 4

What is operational control?

Answer 4

Change management/procedure

Ensure day-to-day operations comply with security policy

Question 5

What is a false positive?

Answer 5

IPS/IDS recoginises malicious trraffic when there isn’t

Question 6

What is a false negative?

Answer 6

IPS/IDS fails to recognise malicious traffic

Question 7

What is mandatory vacation?

Answer 7

Can reduce collusion and fraud of employees

Question 8

How is separation of duties more secure?

Answer 8

Developer creates application

Team implements software (i.e possible backdoor in software for dev)

Question 9

What is SLE?

Answer 9

Single loss expectancy

Question 10

What is ARO?

Answer 10

Annualised Rate of Occurrence

i.e 5 year failure 1/5 = 0.2 ARO

Question 11

What is ALE?

Answer 11

Annualised Loss Expectancy

ALE = SLE * ARO

Question 12

What is a Software escrow

Answer 12

Source code of application available via provider company in event application is no longer supported

Question 13

What is MTTR?

Answer 13

Mean Time to Restore

Question 14

What is MTTF?

Answer 14

Mean Time to Failure

regarding non-repairable systems

Question 15

What is MTBF?

Answer 15

Mean Time Between Failure

Question 16

What entails risk acceptance?

Answer 16

Not paying for a countermeasure because the loss is less expensive

Question 17

What is risk transference?

Answer 17

Insurance from a 3rd party contractor for equipment servicing and replacement

Question 18

What is RTO?

Answer 18

Recovery Time Objective

Question 19

What is RPO?

Answer 19

Recovery Point Objective

retention period for restoration