Week 10-2 Flashcards
What is a vulnerability-oriented analysis?
Identify and rank a set of exploitable weaknesses to determine how to mitigate or deal with them.
What is the purpose of risk management?
To measure the impact of a threat and the cost to implement controls or countermeasures to mitigate that threat.
What does it mean to accept a risk?
Acknowledge the risk when the cost of mitigation is higher than the impact.
What does avoiding a risk involve?
Discontinuing activities or operations.
What does transferring a risk mean?
Sharing the risk with a third party, like outsourcing or purchasing cyber insurance.
What does mitigating a risk involve?
Implementing security measures and controls to reduce the impact of the risk or the probability of it happening.
What are the categories of controls in cyber security?
- Administrative Control
- Technical Control
- Physical Control
What is a preventive control?
Prevents incidents from occurring, employed before an event occurs.
What is a detective control?
Monitors and detects different types of unauthorized behavior or activities.
What is a corrective control?
Implemented after an event has occurred.
What is a recovery control?
Restores resources, functions, and capabilities back to a normal state after an incident.
What is a compensative control?
Alternative options put in place to satisfy security requirements that are either impractical or too difficult to implement.