Security Principles Flashcards
Risk Identification:
Involves identifying different possible risks, characterizing them and then estimating their potential for disrupting the organization.
Takeaways to remember about risk identification:
- Identify risk to communicate it clearly.
- Employees at all levels of the organization are responsible for identifying risk.
- Identify risk to protect against it.
Risk Assessment:
The process of identifying and analyzing risks to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals and other organizations.
The analysis
performed as part of risk management which incorporates threat and vulnerability analyses and
considers mitigations provided by security controls planned or in place.
Risk Treatment:
The determination of the best way to address an identified risk.
Qualitative Risk Analysis:
A method for risk analysis that is based on the assignment of a descriptor such as low, medium or
high
Quantitative Risk Analysis:
A method for risk analysis where numerical values are assigned to both impact and likelihood
based on statistical probabilities and monetarized valuation of loss or gain.
The Healthcare Insurance Portability and Accountability Act of 1996 (HIPAA) is…
“…a federal law in the United States that requires certain actions be taken to protect health information. Many organizations use published frameworks, or standards, to guide the organizational policies that support the compliance effort. Many departments or workgroups within the organization implement procedures that detail how they complete day-to-day tasks while remaining compliant.”
ISC2 Code of Ethics Preamble:
The Preamble states the purpose and intent of the ISC2 Code of Ethics.
The safety and welfare of society and the common good, duty to our principals, and to each other, requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.
Therefore, strict adherence to this Code is a condition of certification.
ISC2 Code of Ethics Cannons:
The Canons represent the important beliefs held in common by the members of ISC2. Cybersecurity professionals who are members of ISC2 have a duty to the following four entities in the Canons.
Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.
