Risk and Compliance Flashcards
Reliable and timely access to data and resources is provided to authorized individuals
Availability
Accuracy and reliability of the information and systems are provided and any unauthorized modification is prevented
Integrity
Necessary level of secrecy is enforced and unauthorized disclosure is prevented
Confidentiality
Weakness or a lack of a countermeasure
Vulnerability
Entity that can exploit a vulnerability
Threat agent
The danger of a threat agent exploiting a vulnerability
Threat
The probability of a threat agent exploiting a vulnerability and the associated impact
Risk
Safeguard that is put in place to reduce a risk, also called a countermeasure
Control
Presence of a vulnerability, which exposes the organization to a threat
Exposure
*Examples are: procedures, security documentation, risk management, personnel security, and training
Administrative Control
*Examples are: hardware/software mechanisms used to manage access, e.g. encryption, smart cards, passwords, biometrics, constrained interfaces, ACLs, protocols, firewalls, routers, IDS.
Logical/Technical Control
*Examples are: barriers to prevent direct contact within a facility, e.g. guards, fences, motion detectors, locked doors, sealed windows.
Physical Control
What are the below actions?
- Accept
- Avoid
- Mitigate
- Transfer
These are the four ways to respond to (manage) risk
Understand and proceed to take no action
Accept Risk
Change strategies and move in a different direction
Avoid Risk