Security and Risk Management Domain Flashcards

1
Q

Established to contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations

A

Wassenaar Arrangement

2
Q

Authorized the President to regulate exports of civilian goods and technologies that have military applications

A

Export Administration Act of 1979

3
Q

Controls designed to specify acceptable rules of behavior within an organization.

A

Directive Controls

4
Q

Procedures implemented to define the roles, responsibilities, policies and administrative functions needed to manage the control environment

A

Administrative Controls

5
Q

Determines the potential impact of disruptive events on the organization’s business processes

A

Vulnerability Assessment

6
Q

Proprietary business or technical information, processes, designs, practices, etc, that are confidential and critical to the business

A

Trade Secret

7
Q

Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods and distinguish them from those made or sold by others

A

Trademark

8
Q

Any single input to a process that, if missing, would cause the process or several processes to be unable to function

A

Single Point of Failure (SPOF)

9
Q

Defined as the differences between the original value and the remaining value of an asset after a single exploit

A

Single Loss Expectancy (SLE)

10
Q

A systematic process for identifying, analyzing, evaluating, remedying and monitoring risk

A

Risk Management

11
Q

The practice of passing on the risk in question to another entity, such as an insurance company

A

Risk Transfer

12
Q

The practice of the elimination of or the significant decrease in the level of risk presented

A

Risk Mitigation

13
Q

The practice of coming up with alternatives so that the risk in question is not realized

A

Risk Avoidance

14
Q

The practice of accepting certain risks, typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way

A

Risk Acceptance

15
Q

1. A combination of the probability of an event and its consequence (ISO 27000)
2. An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result (RFC 2828)

A

Risk

16
Q

The point in time to which data must be restored in order to successfully resume processing

A

Recovery Point Objective (RPO)

17
Q

How quickly you need to have that application’s information available after downtime has occurred

A

Recovery Time Objective

18
Q

Controls implemented to restore conditions to normal after a security incident

A

Recovery Controls

19
Q

Controls implemented to prevent a security incident or information breach

A

Preventive Controls

20
Q

Controls to protect the organization’s people and physical environment, such as locks, fire management, gates, and guards; physical controls may be called ‘operational controls’ in some contexts.

A

Physical Controls

21
Q

Protects novel, useful and nonobvious inventions

A

Patent

22
Q

Electronic hardware and software solutions implemented to control access to information and information networks

A

Logical (Technical) Controls

23
Q

Granting users only the accesses that are required to perform their job functions

A

Least Privilege

24
Q

Accountable for ensuring the protection of all of the business information assets from intentional and unintentional loss, disclosure, alteration, destruction and unavailability

A

Information Security Officer

25
Q

Comes in two forms: making sure that information is processed correctly and not modified by unauthorised persons, and protecting information as it transits a network

A

Integrity

26
Q

A security event that compromises the confidentiality, integrity or availability of an information asset

A

Incident

27
Q

Ensures the business focuses on core activities, clarifies who in the organization has the authority to make decisions, determines accountability for actions and responsibility for outcomes, and addresses how expected performance will be evaluated

A

Governance

28
Q

A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives

A

Enterprise Risk Management

29
Q

Is similar to due care with the exception that it is a pre-emptive measure made to avoid harm to other persons or their property

A

Due Diligence

30
Q

The care a “reasonable person” would exercise under given circumstances

A

Due Care

31
Q

Controls designed to discourage people from violating security directives

A

Deterrent Controls

32
Q

Controls designed to signal a warning when a security control has been breached

A

Detective Controls

33
Q

A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party

A

Data Disclosure

34
Q

Controls implemented to remedy circumstances, mitigate damage, or restore controls

A

Corrective Controls

35
Q

Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, databases and computer programs

A

Copyright

36
Q

Supports the principle of “least privilege” by providing that only authorized individuals, processes or systems should have access to information on a need-to-know basis

A

Confidentiality

37
Q

Actions that ensure behavior that complies with established rules

A

Compliance

38
Q

Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level

A

Compensating Controls

39
Q

An incident that results in the disclosure or potential exposure of data

A

Breach

40
Q

The principle that ensures that information is available and accessible to users when needed

A

Availability

41
Q

Authorizes the President to designate those items that shall be considered defense articles and defense services and to control their import and export

A

Arms Export Control Act of 1976

42
Q

An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year

A

Annualized Rate of Occurrence (ARO)