Vocab 4 Flashcards

1
Q

Often known as a sniffer; dedicated hardware or software that collects network traffic for the purposes of examination, either for determining network issues or for capturing plain-text usernames, passwords, or other sensitive information being sent in the clear.

A

protocol analyzer

2
Q

An assessment technique that uses subjective values, such as low, moderate, and high, to describe various components of risk, such as likelihood and impact. Qualitative techniques rely on data that is often not easily described in numerical terms.

A

qualitative assessment

3
Q

An assessment technique that uses nonsubjective values, such as numerical or other quantitative data, to describe various components of risk, such as likelihood and impact. Quantitative techniques rely on data that is numerically derived and not easily subject to individual opinion.

A

quantitative assessment

4
Q

Risk responses that are high reward and low cost, which are both effective and efficient.

A

quick wins

5
Q

The maximum tolerable time period in which data can be lost by the organization because of an incident or disaster.

A

recovery point objective (RPO)

6
Q

The maximum amount of time that can be allowed to pass between an incident and recovering the business to an operational state.

A

recovery time objective (RTO)

7
Q

The ability of the business to survive negative events and continue with its mission and function.

A

resilience

8
Q

The possibility of harm that can come to an asset or an organization.

A

risk

9
Q

When an active decision is made to assume risk (either inherent or residual) and take no further action to reduce it.

A

risk acceptance

10
Q

The organization’s overall acceptable level of risk for a given business venture.

A

risk appetite

11
Q

The process of identifying and assessing various factors, including threats, threat actors, vulnerabilities, assets, and likelihood, to determine their impact on the organization.

A

risk assessment

12
Q

An option taken when, after controls have been considered, the level of risk is still not acceptable, and the project isn’t started or is canceled.

A

risk avoidance

13
Q

The overall attitude toward risk, promulgated and supported by the organization’s leadership.

A

risk culture

14
Q

Any factor that may contribute to an increase or decrease in risk; risk factors could be external or internal, and they could affect either likelihood or impact should a risk event actually occur.

A

risk factor

15
Q

ISACA’s own risk management methodology; it is strongly tied to and integrated with COBIT 5. The Risk IT Framework merges traditional IT models with a more risk-focused mind-set.

A

Risk IT Framework
