Related Essays

  • Steps Of A Security Risk Assessment

    As a large Fortune 500 company, it is extremely important that all measures against threats are managed properly. With the advancement in Information Technol...

  • Risk Analysis And Risk Management

    For an organization to successfully enforce its security program, it must take risk analysis and risk management into consideration. A risk analysis will ide...

  • Information Security Program

    Risk management is the process of identifying the risk, represented in vulnerabilities and threats, to an organization’s information assets, and taking neces...

  • Application Security: Why It's Important?

    From the point of view of danger administration, risk demonstrating is the deliberate and key methodology for distinguishing and counting dangers to an appli...

  • Risk Analysis Assignment

    Instructor Due Date Part 1 2 3 4 Total Maximum Points 25 points 25 points 25 points 25 points 100 points Your Score Textbook Reading ...

  • The Third Elements Of Risk Organization And Governance

    This element mainly contains traditional risks associated with an organization and its operations. However, with the ever growing continuum of information te...

  • Unintentional Security Risks

    There are many risks in the world. Risk can be defined as the degree of probability of loss. Risk could also be referred to as a threat. In the informati...

  • Security Manager Preparedness

    Before a security manager can “sell” a strategy, the manager must first have a keen awareness of what the organization does and how security fits into it. T...

  • Cyber Attack Case Study

    1a. Strategic planning to prevent and/or fight off cyber attacks Preventing Cyber Attack-Identifying Top Risks Strategic planning begins with the preven...

  • Information Security Risk Analysis

    In Humphreys’s (2010) “Information Security Risk Management,” he claims that for a risk assessment to be meaningful to an organization, the “security risks m...

  • Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off
Reading...
Front

Card Range To Study

through

image

Play button

image

Play button

image

Progress

1/15

Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

15 Cards in this Set

  • Front
  • Back
What is a vulnerability?
The absence of a safeguard, or weakness that can be exploited.
What is a threat?
The possibility that someone or something would exploit a vulnerability, intentionally or accidentally, and cause harm
What is a risk?
The probability of a threat agent exploiting a vulnerability and the loss potential
How do you reduce risk?
By reducing vulnerabilities and/or threats
What is exposure?
An instance of being exposed to losses from a threat.
Explain what is a countermeasure?
• also called a safeguard, mitigates the risk.
• can be an application, software configuration, hardware, or procedure.
What is 'due care'?
acting responsibly to lower probability of being found negligent and liable if a security breach takes place.
What is the objective of information security?
provide availability, integrity, and confidentiality (AIC or CIA)
What are the 3 phases of planning horizon?
Strategic planning is long
Tactical planning is midterm
Operational planning is day to day
What is the ISO/IEC 27002 standard?
(formerly ISO 17799 Part 1) comprehensive set of controls comprising best practices in information security
provides guidelines on how to set up and maintain security programs.
Define Security Components
technical (firewalls, encryption, and access control lists) or
nontechnical (security policy, procedures, and compliance enforcement).
What must be done before a risk analysis is performed?
Project sizing
which means to understand and document the scope of the project
What is degree of confidence that a certain security level is being provided?
Assurance
These 4 domains:
Plan and Organize,
Acquire and Implement,
Deliver and Support, and
Monitor and Evaluate make up what?
CobiT [Control Objectives for Information and related Technology]

developed by the Information Systems Audit and Control As- sociation (ISACA) and the IT Governance Institute (ITGI)
What are the Steps of Risk Analysis?
1: Assign Value to Assets
2: Estimate Potential Loss per Threat
3: Perform a Threat Analysis
4: Derive the Annual Loss Potential
5: Reduce,Transfer, Avoid, or Accept the Risk