Week 6 Flashcards

1
Q

What is IT risk?

A

The potential for an unplanned event involving information technology to threaten an enterprise objective (probability * impact)

2
Q

What is a downside risk?

A

probable negative outcome

3
Q

What is an upside risk?

A

probable positive outcome

4
Q

What are the components of the 4A framework?

A
  1. Availability: Keeping systems running
  2. Access (confidentiality): Ensuring appropriate access to data and systems
  3. Accuracy (integrity): Providing correct, timely and complete information
  4. Agility: Being able to make necessary business changes
5
Q

What are the components of the security triad?

A
  1. Confidentiality (access)
  2. Integrity (accuracy)
  3. Availability
6
Q

What are the three core disciplines of IT Risk Management?

A
  1. Foundation (A base infrastructure, no spaghetti)
  2. Risk governance process (procedures and policies)
  3. Risk-aware culture (everyone has appropriate knowledge of risk)
7
Q

What are the three possible reactions to IT risk types?

A
  1. Do nothing (No intruders, not malicious)
  2. Shutdown and rebuild (malicious code and will attack soon)
  3. Build a mirror (malicious and will not attack soon)
8
Q

What are the four components of risk management?

A
  1. Low cost, tolerable risk (lowest priority)
  2. High cost, tolerable risk (bear the risk)
  3. High cost, intolerable risk (capitalize costs of risk mitigation)
  4. Low cost, intolerable risk (mitigate ASAP)
9
Q

What are the four crisis customer contact response strategies in data breaches?

A
  1. Defensive strategy
  2. Accommodative strategy
  3. Moderation strategy
  4. Image renewal strategy
10
Q

What are the components of the defensive strategy?

A
  1. Denial (act like there is no breach)
  2. Excuse (minimize responsibility)

11
Q

What are the components of the Accommodative strategy?

A
  1. Apology (apologizing for the breach)
  2. Remedial actions (repair and control the damage)

12
Q

What are the components of the Moderation strategy?

A
  1. Ingratiation (make shareholders like organization)
  2. Justification (minimize the perceived damage)

13
Q

What are the components of the Image renewal strategy?

A
  1. Correction commitment (reassure that company will avoid similar incidents in the future)
  2. Stakeholder commitment (reassure that company is committed to providing best services/products)
  3. Value commitment (reassure that company is committed to its core values)
14
Q

What are the effects of the defensive strategy on stock price for high and low reputable firms?

A

High: no significant influence
Low: negative, but not significant

15
Q

What are the effects of the Accommodative strategy on stock price for high and low reputable firms?

A

High: no significant influence
Low: negative, but not significant

16
Q

What are the effects of the Moderation strategy on stock price for high and low reputable firms?

A

High: no significant influence
Low: Positive influence

17
Q

What are the effects of the Image renewal strategy on stock price for High and low reputable firms?

A

High: no significant influence
Low: Positive influence

18
Q

What is Identity and Access Management (IAM)?

A

The organizational process for authorizing people to have access to applications, systems or networks

19
Q

What are the three core disciplines of IT risk management?

A
  1. Create risk governance process
  2. Create a risk-aware culture
  3. Reduce IT complexity (foundation)
20
Q

What are the components of a Customer contact disclosure strategy?

A
  1. Disclosure to whom?
  2. Medium
  3. Who contacts them?
  4. When to contact?
  5. What to say?
21
Q

When is availability the issue in a crisis and what is the response?

A

Cause: DDoS or database has been renamed
Response: stop responding to IP address, rename file to original name

22
Q

When is access the issue in a crisis and what is the response?

A

Cause: security holes and malicious codes
Response: technology change/upgrade and remove suspicious files

23
Q

When is accuracy the issue in a crisis and what is the response?

A

Cause: corrupted database or attacker changed data
Response: use backup