What is a vulnerability?
The absence of a safeguard, or a weakness that can be exploited.

What is a threat?
The possibility that someone or something would exploit a vulnerability, intentionally or accidentally, and cause harm.

What is a risk?
The probability of a threat agent exploiting a vulnerability, and the loss potential.

How do you reduce risk?
By reducing vulnerabilities and/or threats.

What is exposure?
An instance of being exposed to losses from a threat.

What is a countermeasure?
• Also called a safeguard; it mitigates the risk.
• Can be an application, a software configuration, hardware, or a procedure.

What is 'due care'?
Acting responsibly to lower the probability of being found negligent and liable if a security breach takes place.

What is the objective of information security?
To provide availability, integrity, and confidentiality (AIC or CIA).

What are the 3 phases of the planning horizon?
Strategic planning is long-term.
Tactical planning is mid-term.
Operational planning is day-to-day.

What is the ISO/IEC 27002 standard?
(Formerly ISO 17799 Part 1.) A comprehensive set of controls comprising best practices in information security; it provides guidelines on how to set up and maintain security programs.

Define security components.
Technical (firewalls, encryption, and access control lists) or
nontechnical (security policy, procedures, and compliance enforcement).

What must be done before a risk analysis is performed?
Project sizing, which means understanding and documenting the scope of the project.

What is the degree of confidence that a certain security level is being provided?
Assurance.

These 4 domains make up what? Plan and Organize, Acquire and Implement, Deliver and Support, and Monitor and Evaluate.
CobiT (Control Objectives for Information and related Technology), developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

What are the steps of risk analysis?
1. Assign value to assets
2. Estimate potential loss per threat
3. Perform a threat analysis
4. Derive the annual loss potential
5. Reduce, transfer, avoid, or accept the risk