Security & Risk Management

Question 1

Accountable for ensuring the protection of all of the business information assets from intentional & unintentional loss, disclosure, alteration, destruction, & unavailability

Answer 1

Information Security Officer

Question 2

Authorizes the President to designate those items that shall be considered as defense articles & defense services & control their import & the export

Answer 2

Arms Export Control Act of 1976

Question 3

Ensures the business focuses on core activities, clarifies who in the organization has the authority to make decisions, determines accountability for actions & responsibility for outcomes, & addresses how expected performance will be evaluated

Answer 3

Governance

Question 4

Is similar to due care with the exception that it is a preemptive measure made to avoid harm to other persons or their property

Answer 4

Due Diligence

Question 5

The care a “reasonable person” would exercise under given circumstances

Answer 5

Due Care

Question 6

Controls designed to discourage people from violating security directives.

Answer 6

Deterrent Controls

Question 7

Controls designed to signal a warning when a security control has been breached.

Answer 7

Detective Controls

Question 8

Electronic hardware & software solutions implemented to control access to information & information networks

Answer 8

Logical Controls

Question 9

The practice of coming up with alternatives so that the risk in question is not realized.

Answer 9

Risk Avoidance

Question 10

The practice of accepting certain risk typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way

Answer 10

Risk Acceptance

Question 11

1. Combination of the probability of an event & its consequences.
2. An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. (RFC 2828)

Answer 11

Risk

Question 12

The point in time to which data must be restored in order to successfully resume processing

Answer 12

Recovery Point Objective (RPO)

Question 13

How quickly you need to have that application’s information available after downtime has occurred

Answer 13

Recovery Time Objective (RTO)

Question 14

Controls implemented to prevent a security incident or information breach

Answer 14

Preventative Controls

Question 15

Controls to protect the organization’s people & physical environment, such as locks, fire management, gates, & guards; physical controls may be called “operational controls” in some contexts

Answer 15

Physical Controls

Question 16

Protects, novel, useful, & non-obvious inventions

Answer 16

Patent

Question 17

Granting users only the accesses that are required to perform their job functions

Answer 17

Least Privilege

Question 18

Comes in 2 forms; making sure information is processed correctly & not modified by unauthorized persons, & protecting information as it transits

Answer 18

Integrity

Question 19

Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, databases, & computer programs

Answer 19

Copyright

Question 20

An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year

Answer 20

Annualized Rate of Occurrence (ARO)

Question 21

Procedures implemented to define the roles, responsibilities, policies, & administrative functions needed to manage the control environment

Answer 21

Administrative Controls

Question 22

Defined as the difference between the original value & the remaining value of an asset after a single exploit

Answer 22

Single Loss Expectancy (SLE)

Question 23

The principle that ensures that information is available & accessible to users when needed

Answer 23

Availability

Question 24

An incident that results in the disclosure or potential exposure of data

Answer 24

Breach

Question 25

The practice of the elimination of or the significant decrease in the level of risk presented

Answer 25

Risk Mitigation

Question 26

Established to contribute to regional & international security & stability by promoting transparency & greater responsibility in transfers of conventional arms & dual-use goods & technologies, thus preventing destabilizing accumulations

Answer 26

Wassenar Arrangement

Question 27

Determines the potential impact of disruptive events on the organization’s business processes

Answer 27

Vulnerability Assessment

Question 28

Controls implemented to remedy circumstance, mitigate damage, or restore controls

Answer 28

Corrective Controls

Question 29

Actions that ensure behavior that complies with established rules

Answer 29

Compliance

Question 30

Supports the principle of “least privilege” by providing only authorized individuals, processes, or systems should have access to information on a need to know basis

Answer 30

Confidentiality

Question 31

A breach for which it was confirmed that data was actually disclosed to an unauthorized party

Answer 31

Data Disclosure

Question 32

A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, & provide reasonable assurance regarding the achievement of entity objectives

Answer 32

Enterprise Risk Management

Question 33

Controls implemented to restore conditions to normal after a security

Answer 33

Recovery Controls

Question 34

The practice of passing on the risk in question to another entity, such as an insurance company

Answer 34

Risk Transfer

Question 35

Any single input to a process that, if missing, would cause the process or several processes to be unable to function

Answer 35

Single Point of Failure

Question 36

Authorized the President to regulate exports of civilian goods & technologies that have military applications

Answer 36

Export Administration Act of `979

Question 37

Proprietary business or technical information, processes, designs, practices that are confidential & critical to the business

Answer 37

Trade Secret

Question 38

Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods & distinguish them from those made or sold by others

Answer 38

Trademarl

Question 39

Controls that substitute for the loss of primary controls & mitigate risk down to an acceptable level

Answer 39

Compensating Controls

Question 40

A systematic process for identifying, analyzing, evaluating, remedying, & monitoring risk

Answer 40

Risk Management

Question 41

Controls designed to specify acceptable rules of behavior within an organization

Answer 41

Directive Controls

Question 42

A security event that compromises the confidentiality, integrity, or availability of an information asset

Answer 42

Incident