Security Ch 4
What is the difference between a BCP and a DRP?
A DRP is one component of a BCP: the BCP covers keeping critical business functions running through an interruption, while the DRP covers restoring the IT systems and data those functions depend on.
What is the Project Management Body of Knowledge (PMBOK)?
A collection of the knowledge and best practices of the project management profession.
What is meant by risk register?
A list of identified risks that results from the risk-identification process.
Which of the following best describes quantitative risk analysis?
A risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.
A ___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.
BCP
A ___________ will help identify not only which functions are critical, but also how quickly essential business functions must return to full operation following a major interruption.
BIA
The recovery point objective (RPO) identifies the amount of _________ that is acceptable.
Data loss
The __________ is the proportion of an asset's value that is likely to be destroyed by a particular risk.
EF
A ____ test interrupts processing at the primary data center and transfers processing capability to an alternate site.
Full-interruption (the most realistic and most disruptive type of BCP/DRP test)
The formal process of monitoring and controlling risk focuses on _____________ new risks.
Not "analyzing" (the card records only that this choice is wrong; the correct blank is not recorded)
The process of managing risks starts by identifying __________.
Risk
Any organization that is serious about security will view ___________ as an ongoing process.
Risk management
________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.
Security gap
RTO identifies the maximum allowable ________ to recover the function.
Time
(T/F) Having too many risks in the risk register is much better than overlooking a severe risk that later occurs.
True
(T/F) Single loss expectancy (SLE) is the expected loss from a single occurrence of a threat. The formula is SLE = Asset (resource) value × EF.
True
(T/F) The first step in a vulnerability assessment is to determine the assets that need to be protected.
True
(T/F) The term annual rate of occurrence (ARO) describes the expected frequency, per year, with which a stated threat will be realized.
True
(T/F) The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.
True
______ is rapidly becoming an increasingly important aspect of enterprise computing.
disaster recovery
What name is given to a risk-analysis method that uses relative ranking (for example, high/medium/low) to further define the identified risks in order to determine responses to them?
Qualitative risk analysis
(T/F) Most enterprises are essentially prepared for a disaster when it happens.
False
(T/F) Qualitative risk analysis is a list of identified risks that results from the risk-identification process.
False
(T/F) Residual risk is a risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.
False
(T/F) The Delphi method is the estimated loss due to a specific realized threat, calculated as ALE = SLE × ARO.
False
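The SLE, ARO and ALE cards above only state the formulas. The following is an added worked example, not part of the original study set, that applies them across a small risk register: it computes SLE = AV × EF and ALE = SLE × ARO for each entry, ranks the entries quantitatively by ALE, and then compares each candidate control's annual cost against the ALE it removes to decide whether the control is cost-justified (the residual ALE being the risk left after the control). Every register entry, asset value, exposure factor, rate of occurrence, control and cost is constructed for illustration; the `Risk` fields and helper names are the example's own, not a standard from the text.

```python
"""Quantitative risk analysis over a small risk register.

Added example, not part of the original study set. The register
entries, asset values, exposure factors, rates of occurrence and
control costs below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


def sle(asset_value: float, exposure_factor: float) -> float:
    """Single loss expectancy: SLE = asset value x EF.

    EF is the proportion of the asset's value destroyed by one
    occurrence, so it must lie between 0 and 1.
    """
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("EF must be a fraction between 0 and 1")
    if asset_value < 0:
        raise ValueError("asset value must be non-negative")
    return asset_value * exposure_factor


def ale(single_loss: float, aro: float) -> float:
    """Annualized loss expectancy: ALE = SLE x ARO.

    ARO is a rate (expected occurrences per year), so it may exceed 1.
    """
    if aro < 0:
        raise ValueError("ARO must be non-negative")
    return single_loss * aro


@dataclass
class Risk:
    """One row of the risk register (field names are this example's own)."""
    name: str
    asset_value: float          # AV, in currency units
    exposure_factor: float      # EF, fraction of AV lost per occurrence
    aro: float                  # expected occurrences per year
    control: str = ""           # candidate countermeasure
    control_cost: float = 0.0   # annual cost of the countermeasure
    ef_after: Optional[float] = None   # EF once the control is in place
    aro_after: Optional[float] = None  # ARO once the control is in place

    def evaluate(self) -> dict:
        """Return SLE/ALE before the control, residual ALE after it, and net value."""
        before_sle = sle(self.asset_value, self.exposure_factor)
        before_ale = ale(before_sle, self.aro)
        # Residual risk: a control may lower EF (less damage per event),
        # ARO (fewer events), or both; unchanged values fall back to "before".
        after_ef = self.exposure_factor if self.ef_after is None else self.ef_after
        after_aro = self.aro if self.aro_after is None else self.aro_after
        residual_ale = ale(sle(self.asset_value, after_ef), after_aro)
        benefit = before_ale - residual_ale          # ALE removed per year
        net_value = benefit - self.control_cost      # cost/benefit of the control
        return {
            "sle": round(before_sle, 2),
            "ale": round(before_ale, 2),
            "residual_ale": round(residual_ale, 2),
            "annual_benefit": round(benefit, 2),
            "net_value": round(net_value, 2),
            "justified": net_value > 0,
        }


def rank_register(register: List[Risk]) -> List[Tuple[str, float]]:
    """Quantitative ranking: highest ALE first."""
    scored = [(r.name, r.evaluate()["ale"]) for r in register]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def recommend_controls(register: List[Risk]) -> List[str]:
    """Names of risks whose control removes more ALE than it costs, best first."""
    justified = [(r.name, r.evaluate()["net_value"]) for r in register
                 if r.evaluate()["justified"]]
    return [name for name, _ in sorted(justified, key=lambda p: p[1], reverse=True)]


# Constructed sample register (hypothetical figures).
REGISTER = [
    Risk("Ransomware on file server", 500_000, 0.6, 0.5,
         "offline backups", 20_000, ef_after=0.1),
    Risk("Laptop theft", 3_000, 1.0, 4,
         "full-disk encryption", 5_000, ef_after=0.5),
    Risk("Data center flood", 2_000_000, 0.25, 0.02,
         "relocate data center", 200_000, ef_after=0.05),
    Risk("Web app SQL injection", 800_000, 0.3, 1,
         "code review + WAF", 60_000, aro_after=0.1),
]

if __name__ == "__main__":
    for name, value in rank_register(REGISTER):
        print(f"{value:>12,.0f}  {name}")
    for risk in REGISTER:
        print(risk.name, risk.evaluate())
    print("cost-justified controls:", recommend_controls(REGISTER))
```

Ranking by ALE is the quantitative step; the "justified" flag is the cost/benefit check a risk owner makes before accepting, mitigating or transferring each entry. Note that the flood entry has a large SLE but a small ALE, and its control fails the check: a high single-loss figure alone does not justify an expensive countermeasure.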
(T/F) The annual probability that a stated threat will be realized is called a security gap.
False
(T/F) The term risk methodology refers to a list of identified risks that results from the risk-identification process.
False
How often should an organization perform risk management?
Continuously, as an ongoing process; not just annually
(T/F) The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.
True
Information security activities directly support several common business drivers, including ________ and efforts to protect intellectual property.
compliance