Risk Management Flashcards

1
Q

Security Policy Framework Levels

A

Policies
Standards
Guidelines
Procedures

2
Q

Risk Factors

A

Likelihood/probability

Impact

3
Q

Risk Assessment Methods

A

Qualitative

Quantitative

4
Q

Define an AV

A

Asset Value

5
Q

AV Assessment Methods

A

Original
Depreciated
Replacement

6
Q

Define the EF

A

Exposure Factor; percent of the asset affected

7
Q

Define SLE

A

Single Loss Expectancy; AV * EF

8
Q

Define ARO

A

Annualized Rate of Occurrence; likely number of occurrences per year

9
Q

Define ALE

A

Annualized Loss Expectancy; ALE = SLE * ARO

10
Q

Define MTTF

A

Mean Time to Failure; for non-replaceable components

11
Q

Define MTBF

A

Mean Time Between Failures; for replaceable components

12
Q

Define MTTR

A

Mean Time To Repair; average restoration time

13
Q

Risk Response Types

A

Avoidance
Transference
Mitigation/Deterrence
Acceptance

14
Q

Risk Register Components

A

Description
Categorization
Probability
Impact
Mitigation

15
Q

Risk Assessment Sources

A

Vulnerability Scans
Penetration Test
Audits
OS Threat Intelligence
Consulting/Vendor

16
Q

Types of Vendor Agreements

A

SLR/SLA
MOU/MOA
BPA/BPO
ISA

17
Q

Define SLR

A

Service-Level Agreement; outlines the service provider's commitment to the client

18
Q

Define MOU/MOA

A

Memorandum of Understanding/Agreement

19
Q

Define BPA

A

Business Partnership Agreement

20
Q

Define ISA

A

Interconnection Service Agreement; connects networks, outlining technical and security requirements

21
Q

Personnel Risk Management Key Principles

A

Need to Know
Least Privilege
Separation of Duties

22
Q

Define a BCP

A

Business Continuity Planning; focuses on maintaining availability

23
Q

Define a BIA

A

Business Impact Assessment

24
Q

BIA Risk Concerns

A

Safety
Financial
Reputation

25
Q

Define High Availability

A

Multiple systems for the same purpose

26
Q

Fault Tolerance Methods

A

Power Supply
Memory Storage

27
Q

Describe RAID 0

A

Striping; performance, no redundancy; 1 or more disks

28
Q

Describe RAID 1

A

Mirroring; redundancy, low performance; 2 or more disks

29
Q

Describe RAID 5

A

Striping with parity; performance and redundancy; 3 or more disks

30
Q

Describe RAID 6

A

Striping with double parity; 4 or more disks

31
Q

Describe RAID 10 (also called RAID 1+0 / 0+1)

A

Striping and mirroring; 4 or more disks

32
Q

Define RTO

A

Recovery Time Objective; goal recovery time

33
Q

Define RPO

A

Recovery Point Objective; restoration point to return to after an incident

34
Q

Backup Types

A

Full
Differential
Incremental
Snapshot

35
Q

Describe Full Backups

A

Backup everything; slow backup speed, fast restoration speed

36
Q

Describe Differential Backups

A

Backup changes since last full; medium backup speed, medium restoration speed

37
Q

Describe Incremental Backups

A

Backup changes since last full or incremental; fast backup speed, slowest restoration speed

38
Q

Define a System Snapshot

A

Capture disk image at a moment in time; less storage space required; quick backups

39
Q

Grandfather-Father-Son Backup Media Rotation Method

A

4 devices backup daily, 1 per day Monday-Thursday
4 devices backup weekly, 1 per week for 4 weeks
4 devices backup monthly, 1 per month for 4 months

40
Q

Define 3-2-1 Backup Rule

A

2 backups on site
1 backup off-site

41
Q

Alternate Processing Facility Types

A

Hot
Cold
Warm

42
Q

Describe a Hot Site

A

Fully operational; quickest restoration (hours); expensive

43
Q

Describe a Cold Site

A

Empty facility; slowest restoration (weeks); least expensive

44
Q

Describe a Warm Site

A

Hardware and software ready; medium restoration speed (days); medium expense

45
Q

Define Alternate Business Processes

A

Utilizing alternative methods to accomplish the same business purpose

46
Q

Backup Site Location Considerations

A

Close enough for relocation of employees
Far enough to not be impacted by the same disaster
Ease of access
Away from other industrial facilities
Data sovereignty (only applies to location of storage)

47
Q

Disaster Response Plan Testing Methods

A

Read through
Walk through
Simulation
Parallel Test
Full Interruption

48
Q

Define CIRT

A

Cyber Incident Response Team

49
Q

CIRT Members

A

Management
Information Security
Subject Matter Experts
Legal
Public Affairs
HR
Finance

50
Q

Evidence Types

A

Real/Physical
Documentary
Testimonial

51
Q

Types of Testimonial Evidence

A

Direct (first-hand observation)
Expert Opinion

52
Q

Define Hearsay

A

Testimonial evidence not given from first-hand observation (i.e. "I heard someone else say")

53
Q

Documentary Evidence Considerations

A

Authenticated
Best available
Parol Evidence

54
Q

Define Best Available Evidence

A

Original or closest to the original evidence

55
Q

Define Parol Evidence Rule

A

Assumes documentary evidence is entire and final

56
Q

Digital Forensic Order of Volatility

A

Cache, registers
ARP cache, routing table, memory, kernel statistics, process table
Temporary files
Disks
Monitoring data and remote logs
Physical configuration and network topology
Archived media

57
Q

Purpose of Write Blockers

A

Intercept/prevent requests to alter evidence

58
Q

Purpose of Hashing Collected Evidence

A

Compare later hashes with the initial hash to verify data integrity

59
Q

Storage Bag Labeling Criteria

A

Name
Date and Time
Contents
Tamper Seal

60
Q

Data Owner's Role

A

Has administrative control and has been officially designated as accountable for a specific information asset dataset

61
Q

Data Steward's Role

A

Handles data governance and policy on behalf of the Data Owner

62
Q

Data Custodian's Role

A

Has technical control over an information asset dataset

63
Q

Define PTA

A

Privacy Threshold Analysis; determines the necessity for privacy controls

64
Q

Define PIA

A

Privacy Impact Analysis; evaluates the sufficiency of privacy controls

65
Q

Adverse Background Check Notification Process

A

Investigation
Pre-adverse notification
Employee Response

66
Q

Incident Response Phases

A

Preparation
Identification
Containment
Investigation
Eradication
Recovery
Follow Up

67
Q

Uses of Captive Portals

A

Monitor/limit network activity
User agreements
Branding

68
Q

Insider Protection Methods

A

Content and email filter
Strong security policies

69
Q

Government Information Classification Standards

A

Top Secret - "exceptionally grave damage"
Secret - "serious damage"
Confidential - "damage"
Unclassified - available for general use

70
Q

Define Private Information

A

Information relating to an individual (i.e. PII, PHI)

71
Q

ISO 27001 Information Classification Standards

A

Confidential (top confidentiality level)
Restricted (medium confidentiality level)
Internal use (lowest level of confidentiality)
Public (everyone can see the information)

72
Q

Least Effective Means of Purging Media

A

Degaussing

73
Q

Define Security Policy

A

High-level, general statement about the role of security

74
Q

Define Standard

A

Legal, industry, or best business practices

75
Q

Use of Code Escrow

A

Protects against a vendor's lack of support in the event they go out of business

76
Q

Network Protection Steps

A

ID and document user access permissions
ID high-value assets
Document trust boundaries
ID choke points on the network
Segregate and isolate the network
Isolate server functions
Physically secure high-value systems

77
Q

Memory Dump Methods

A

Save and extract the page file
Save the contents of physical RAM

78
Q

Forensic Cloning Method

A

Bit-level cloning

79
Q

Instant Messaging Vulnerability

A

Lack of encryption

80
Q

Define the Delphi Method

A

Anonymous survey to determine the value of an asset

81
Q

Define Two-Man Control

A

Tasks which require dual custody due to sensitivity

82
Q

Backup Data Loss Protection Method

A

Test restoration procedures

83
Q

Purpose of an Archive Bit

A

Indicates whether a file has been modified (set if modified)