Risk Assessment Flashcards

1
Q

Define Risk Assessment

A
  • An evaluation of how much risk you and your organization are willing to take on.
  • Must be performed before any other action, such as how much to spend on security and manpower.
2
Q

Vulnerability

A

A weakness that could be exploited by a threat.

3
Q

Key Components of Risk Assessment

A
  1. Risks to which the organization is exposed.
    • Develop scenarios that can help you evaluate how to deal with risks.
  2. Risks that need addressing.
    • Determine which risks need addressing and which ones are unlikely. Allows you to focus resources.
  3. Coordination with BIA (Business Impact Analysis)
    • Provides the organization with an accurate picture of the situation facing it.
4
Q

ALE

A
  • Annual Loss Expectancy value.
  • Risk Calculation
  • The MONETARY measure of how much loss you could expect in a year.
5
Q

SLE

A
  1. Single Loss Expectancy
  2. MONETARY measure of how much loss you could expect in a year.
  3. Two Components
    • AV - Asset Value
    • EF - Exposure Factor
6
Q

ARO

A
  1. Annualized Rate of Occurrence
  2. Likelihood, often drawn from historical data, of an event occurring within one year.
7
Q

Compute Risk Assessment Formula

A

SLE * ARO = ALE

8
Q

Quantitative Risk Assessment

A
  1. Cost-based.
  2. Objective.
  3. Focused on dollar amounts.
9
Q

Qualitative

A
  1. Opinion-based.
  2. Subjective.
10
Q

Likelihood

A
  1. NIST recommends viewing Likelihood as a score representing the possibility of threat initiation.
  2. Can be expressed in either quantitative or qualitative terms.
11
Q

Threat Vectors

A
  1. The WAY in which an attacker poses a threat.
    • Tool used.
    • Path used.
  2. Examples
    • Fake email that lures you into clicking a link (Phishing).
    • Unsecured wifi hotspot.
12
Q

Mean Time Between Failures

A
  1. MTBF
  2. Measure of the anticipated incidence of failure for a system or component.
  3. Determines the component’s anticipated lifetime.
  4. Helpful in evaluating a system’s reliability and life expectancy.
13
Q

Mean Time to Failure

A
  1. MTTF
  2. Average time to failure for a NON-REPAIRABLE system.
  3. Only use if system cannot be repaired.
    • If the system can be repaired, use Mean Time Between Failures (MTBF).
14
Q

Mean Time to Restore

A
  1. MTTR
  2. Measure of how long it takes to repair a system or component once a failure occurs.
15
Q

Recovery Time Objective

A
  1. RTO
  2. Maximum amount of time the process or service is allowed to be down and the consequences still be considered acceptable.
  3. Agreed on during BIA creation.
16
Q

Recovery Point Objective

A
  1. RPO
  2. The point at which the system needs to be restored.
  3. Ex: Restore to the point two days before the crash.
  4. General rule: The closer the RPO is to the time of the crash, the more expensive it is to obtain.
17
Q

Acting on your Risk Assessment

Risk Avoidance

A
  1. Identify a risk, and make a decision to no longer engage in activities associated with that risk.

Example: Decide that email attachments are too risky, and block all email attachments.

18
Q

Acting on your Risk Assessment

Risk Transference

A
  1. Does NOT mean you shift the risk completely to another entity.
  2. You SHARE the risk with someone else, such as an insurance company.
19
Q

Acting on your Risk Assessment

Risk Mitigation

A
  1. Any time you take steps to reduce risk.
  2. Confront it.
    • Audits that address user rights.
    • Permission reviews.
    • Change Management - Structured approach followed to secure a company’s assets.
    • Incident Management - Steps followed when an event occurs.
20
Q

Risk Mitigation - Change Management

A

A structured approach that is followed to secure a company’s assets.

21
Q

Risk Mitigation - Incident Management

A

Steps followed when an incident occurs.

22
Q

Risk Mitigation

Data Loss Prevention

A
  1. Monitor the content of systems to make sure that key content is not deleted or removed.
23
Q

Acting on your Risk Assessment

Risk Deterrence

A
  1. Understanding something about the enemy, and letting them know the harm that can come their way if they cause harm to you.
24
Q

Acting on your Risk Assessment

Risk Acceptance

A
  1. When the cost of implementing any of the other risk assessment options exceeds the value of the harm.
  2. Administrator or manager must be aware of the existence of the risk.
  3. Identified risk for which those involved understand the potential cost or damage and agree to accept it.