Security and Risk Management

Question 1

Confidentiality

Answer 1

Keeping information and communications private and protecting them from unauthorized access.

Question 2

Integrity

Answer 2

Ensuring that electronic data is accurate, without error, and without unauthorized modification.

Question 3

Availability

Answer 3

Ensuring that systems operate continuously and that authorized persons can access data that they need.

Question 4

Authenticity

Answer 4

Establishing the validity of a data transmission, message, or originator to prevent impersonation and require users to confirm their identities before they are allowed access to systems and resources.

Question 5

Non-repudiation

Answer 5

In a communication, transaction, or similar exchange, providing both parties with proof that the transaction was completed so that neither party can later deny having completed the transaction.

Question 6

CRAMM

Answer 6

CCTA Risk Analysis and Management Method

Question 7

FMEA

Answer 7

Failure modes and effect analysis

Question 8

FRAP

Answer 8

Facilitated Risk Analysis Process

Question 9

OCTAVE

Answer 9

Operationally Critical Threat, Asset, and Vulnerability Evaluation

Question 10

SOMAP

Answer 10

Security Officers Management and Analysis Project

Question 11

ARO

Answer 11

Annualized Rate of Occurrence = event number/years

Question 12

EF

Answer 12

Exposure factor = loss value / assets value (AV)

Question 13

SLE

Answer 13

Single loss expectancy = EF * AV

Question 14

ALE

Answer 14

Annualized loss expectancy (ALE) = ARO * SLE