Security & Risk Management

Question 1

The Officer who is Accountable for ensuring the protection of all of the business information assets from intentional & unintentional loss, disclosure, alteration, destruction, & unavailability

Answer 1

Information Security Officer

Question 2

Controls designed to discourage people from violating security directives.

Answer 2

Deterrent Controls

Question 3

Controls designed to signal a warning when a security control has been breached.

Answer 3

Detective Controls

Question 4

Electronic hardware & software solutions implemented to control access to information & information networks

Answer 4

Logical Controls

Question 5

The practice of coming up with alternatives so that the risk in question is not realized.

Answer 5

Risk Avoidance

Question 6

The practice of accepting certain risk typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way

Answer 6

Risk Acceptance

Question 7

1. Combination of the probability of an event & its consequences.
2. An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. (RFC 2828)

Answer 7

Risk

Question 8

Controls implemented to prevent a security incident or information breach

Answer 8

Preventative Controls

Question 9

Controls to protect the organization’s people & physical environment, such as locks, fire management, gates, & guards; physical controls may be called “operational controls” in some contexts

Answer 9

Physical Controls

Question 10

Comes in 2 forms; making sure information is processed correctly & not modified by unauthorized persons, & protecting information as it transits

Answer 10

Integrity

Question 11

Procedures implemented to define the roles, responsibilities, policies, & administrative functions needed to manage the control environment

Answer 11

Administrative Controls

Question 12

The principle that ensures that information is available & accessible to users when needed

Answer 12

Availability

Question 13

An incident that results in the disclosure or potential exposure of data

Answer 13

Breach

Question 14

The practice of the elimination of or the significant decrease in the level of risk presented

Answer 14

Risk Mitigation

Question 15

Determines the potential impact of disruptive events on the organization’s business processes

Answer 15

Vulnerability Assessment

Question 16

Controls implemented to remedy circumstance, mitigate damage, or restore controls

Answer 16

Corrective Controls

Question 17

Supports the principle of “least privilege” by providing only authorized individuals, processes, or systems should have access to information on a need to know basis

Answer 17

Confidentiality

Question 18

A breach for which it was confirmed that data was actually disclosed to an unauthorized party

Answer 18

Data Disclosure

Question 19

Controls implemented to restore conditions to normal after a security

Answer 19

Recovery Controls

Question 20

The practice of passing on the risk in question to another entity, such as an insurance company

Answer 20

Risk Transfer

Question 21

Any single input to a process that, if missing, would cause the process or several processes to be unable to function

Answer 21

Single Point of Failure

Question 22

A systematic process for identifying, analyzing, evaluating, remedying, & monitoring risk

Answer 22

Risk Management

Question 23

Controls designed to specify acceptable rules of behavior within an organization

Answer 23

Directive Controls

Question 24

A security event that compromises the confidentiality, integrity, or availability of an information asset

Answer 24

Incident