Vocab 4 Flashcards
Often known as a sniffer; dedicated hardware or software that collects network traffic for the purposes of examination, either for determining network issues or for capturing plain-text usernames, passwords, or other sensitive information being sent in the clear.
protocol analyzer
An assessment technique that uses subjective values, such as low, moderate, and high, to describe various components of risk, such as likelihood and impact. Qualitative techniques rely on data that is often not easily described in numerical terms.
qualitative assessment
An assessment technique that uses nonsubjective values, such as numerical or other quantitative data, to describe various components of risk, such as likelihood and impact. Quantitative techniques rely on data that is numerically derived and not easily subject to individual opinion.
quantitative assessment
Risk responses that are high reward and low cost, which are both effective and efficient.
quick wins
The maximum tolerable time period in which data can be lost by the organization because of an incident or disaster.
recovery point objective (RPO)
The maximum amount of time that can be allowed to pass between an incident and recovering the business to an operational state.
recovery time objective (RTO)
The ability of the business to survive negative events and continue with its mission and function.
resilience
The possibility of harm that can come to an asset or an organization.
risk
When an active decision is made to assume risk (either inherent or residual) and take no further action to reduce it.
risk acceptance
The organization’s overall acceptable level of risk for a given business venture.
risk appetite
The process of identifying and assessing various factors, including threats, threat actors, vulnerabilities, assets, and likelihood, to determine their impact on the organization.
risk assessment
An option taken when, after controls have been considered, the level of risk is still not acceptable, and the project isn’t started or is canceled.
risk avoidance
The overall attitude toward risk, promulgated and supported by the organization’s leadership.
risk culture
Any factor that may contribute to an increase or decrease in risk; risk factors could be external or internal, and they could affect either likelihood or impact should a risk event actually occur.
risk factor
ISACA’s own risk management methodology; it is strongly tied to and integrated with COBIT 5. The Risk IT Framework merges traditional IT models with a more risk-focused mind-set.
Risk IT Framework
