Risk Assessment & Management Terms (Ch. 1) Flashcards
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access.
acceptable use policy/rules of behavior
A calculation used to identify risks and calculate the expected loss each year.
annual loss expectancy (ALE)
A calculation of how often a threat will occur.
annualized rate of occurrence (ARO)
The assessed value of an item (server, property, and so on) associated with cash flow.
asset value (AV)
A study of the possible impact if a disruption to a business’s vital resources were to occur.
business impact analysis (BIA)
An agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses.
business partners agreement (BPA)
The potential percentage of loss to an asset if a threat is realized.
exposure factor (EF)
As defined by NIST (in Publication 800-47), it is “an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations.”
interconnection security agreement (ISA)
The maximum period of time that a business process can be down before the survival of the organization is at risk.
maximum tolerable downtime (MTD)
The measurement of the anticipated lifetime of a system or component.
mean time between failures (MTBF)
The measurement of the average of how long it takes a system or component to fail.
mean time to failure (MTTF)
The measurement of how long it takes to repair a system or component once a failure occurs.
mean time to restore (MTTR)
Most commonly known as an MOU rather than MOA, this is a document between two or more parties defining their respective responsibilities in accomplishing a particular goal or mission, such as securing a system.
memorandum of understanding (MOU)/memorandum of agreement (MOA)
The point of last known good data prior to an outage that is used to recover systems.
recovery point objective (RPO)
The maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable.
recovery time objective (RTO)