MIS Chapter 4:
Annual probability that a stated threat will be realized is called a security gap
False
What is meant by risk register?
A list of identified risks that results from the risk-identification process
A ___________ is a formal analysis of an organization's functions and activities that classifies them as critical or noncritical.
BIA
A parallel test evaluates the effectiveness of the ________ by enabling full processing capability at an alternate data center without interrupting the primary data center.
DRP
Qualitative risk analysis is a list of identified risks that results from the risk-identification process.
False
The term risk methodology refers to a list of identified risks that results from the risk-identification process.
False
________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.
Security gap
Risks can be a positive thing, and a risk management plan should address positive and negative risk outcomes.
True
__________ is rapidly becoming an increasingly important aspect of enterprise computing.
disaster recovery
_______ is the proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage.
exposure factor (EF)
__________ tests interrupt the primary data center and transfer processing capability to an alternate site.
full-interruption
The goal of ____________ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks.
quantitative risk analysis
The process of managing risks starts by identifying __________.
risks
The proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage, is exposure factor (EF).
true
The term annual rate of occurrence (ARO) describes the annual probability that a stated threat will be realized.
true
The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
true
The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
true
Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.
False
What is the Project Management Body of Knowledge (PMBOK)?
a collection of the knowledge and best practices of the project management profession
How often should an organization perform a risk management plan?
annually
The first step in risk analysis is to determine what and where the organization's _________ are located.
assets
A ___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.
business continuity plan
Information security activities directly support several common business drivers, including ________ and efforts to protect intellectual property.
compliance
Any organization that is serious about security will view ___________ as an ongoing process.
risk management
Your _________ plan shows that you have examined risks to your organization and have developed plans to address each risk.
risk-response
What is meant by annual rate of occurrence (ARO)?
the annual probability that a stated threat will be realized
RTO identifies the maximum allowable ________ to recover the function.
time
Single loss expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE = Resource Value × EF.
true