Security and Risk Management Domain Flashcards
Established to contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations
Wassenaar Arrangement
Authorized the President to regulate exports to civilian goods and technologies that have military applications
Export Administration Act of 1979
Controls designed to specify acceptable rules of behavior within an organization.
Directive Controls
Procedures implemented to define the roles, responsibilities, policies and administrative functions needed to manage the control environment
Administrative Controls
Determines the potential impact of disruptive events on the organization’s business processes
Vulnerability Assessment
Proprietary business or technical information, processes, designs, practices, etc, that are confidential and critical to the business
Trade Secret
Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods and distinguish them from those made or sold by others
Trademark
Any single input to a process that, if missing, would cause the process or several processes to be unable to function
Single Point of Failure (SPOF)
Defined as the differences between the original value and the remaining value of an asset after a single exploit
Single Loss Expectancy (SLE)
A systematic process for identifying, analyzing, evaluating, remedying and monitoring risk
Risk Management
The practice of passing on the risk in question to another entity, such as an insurance company
Risk Transfer
The practice of the elimination of or the significant decrease in the level of risk presented
Risk Mitigation
The practice of coming up with alternatives so that the risk in question is not realized
Risk Avoidance
The practice of accepting certain risks, typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way
Risk Acceptance
- A combination of the probability of an event and its consequence (ISO 27000)
- An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result (RFC 2828)
Risk
The point in time to which data must be restored in order to successfully resume processing
Recovery Point Objective (RPO)