Terms Flashcards
Risk Management
What is Risk Management?
A practice of identifying, monitoring, and limiting risks to a manageable level.
What are the 3 Risk Control Types?
Administrative
Technical
Physical
What is Risk Assessment?
Used to understand the current risks, probability, impact, and the solution to prevent them.
What are the 4 Risk Management Options?
Avoidance
Transference
Acceptance
Mitigation
A living document used to track different types of data elements associated with risk factors and scenarios.
Risk Register
Continuity of Operations Plan (COOP)
Provides an alternate location for operations after a critical outage.
Business Continuity Plan (BCP)
Ensures that critical business operations continue and the organization can survive the outage. Identify key items.
What is DRP?
Disaster Recovery Plan: Provides a step-by-step procedure that personnel will follow to save human life and recover/restore your business.
What is BIA?
Business Impact Analysis: Identifies systems and components that are essential to the organization’s success and potential for financial loss.
What is ALE?
Annual Loss Expectancy: The possible yearly cost of all instances of a specific realized threat against a specific asset. Allows for proper budgeting of the security measures if the risk happens.
What is ARO?
Annual Rate of Occurrence: The frequency with which a specific threat or risk will occur within a single year.
What is SLE?
Single Loss Expectancy: The cost associated with a single realized risk against a specific asset.
How do you calculate the ALE?
ALE = ARO * SLE
What is SLA?
Service Level Agreement
What is BPA?
Business Partnership Agreement
What is MOA/MOU?
Memorandum of Agreement/Understanding
What is ISA?
Interconnection Security Agreement
What is AUP?
Acceptable Use Policy
What is BYOD?
Bring Your Own Device
What is CYOD?
Choose Your Own Device
What is COPE?
Company Owned, Personally Enabled
What is VDI?
Virtual Desktop Infrastructure
What is AV?
Asset Value: Monetary value of the information asset.
What is EF?
Exposure Factor: Percentage of loss that an organization would experience if a specific asset were violated by a realized risk.