Risk Management Flashcards
A script kiddie is a classic example of a(n) _________.
attacker
threat
threat actor
threat actor
A script kiddie is a classic example of a threat actor
Risk is often considered formulaically as
Risk = Probability × Threat
Risk = Threat × Impact
Risk = Probability × Impact
Risk = Probability × Impact
Risk is often considered formulaically as Risk = Probability × Impact
A company makes a document called “Acceptable Use” that defines what the company allows users to do and not do on their work systems. The company requires new employees to read and sign this. What is this type of document called?
Standard
Policy
Procedure
Policy
Policies are normally written documents that define an organization’s goals and actions. Acceptable use policies are very common.
A ___________ is a description of a complex process, concentrating on major steps and the flows between the steps.
law
procedure
framework
framework
A framework is a description of a complex process, concentrating on major steps and the flows between the steps
A No Trespassing sign is an example of a __________ control.
deterrent
preventative
detective
deterrent
A deterrent control deters a threat actor from performing a threat. A No Trespassing sign is a good example.
A lock on the door of a building is an example of a __________ control.
deterrent
preventative
detective
preventative
A preventative control stops threat actors from performing a threat. Locks are a notable example.
An asset’s exposure factor is measured in _______.
dollars
percentages
units
percentages
Exposure factor is measured in terms of a percentage of loss to the value of that asset
Which of the following equations is correct?
Single Loss Expectancy = Asset Value × Exposure Factor
Annualized Rate of Occurrence = Asset Value × Exposure Factor
Annualized Loss Expectancy = Asset Value × Exposure Factor
Single Loss Expectancy = Asset Value × Exposure Factor
The only correct equation is Single Loss Expectancy = Asset Value × Exposure Factor
Financial is one type of business impact. Which of the following names another?
Technical
Device
Reputation
Reputation
Of the choices listed, only reputation is a common business impact
Which of the following represents the component manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component?
MTTR
MTBF
MTMB
MTBF
Mean time between failures (MTBF) represents the component manufacturer’s best guess (based on historical data) regarding how much time will pass between major failures of that component