Chapter 4
FCO
A(n) _____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.
Weighted Factor Analysis
In a(n) _____, each information asset is assigned a score for each of a set of assigned critical factors.
data classification scheme
Many corporations use a _____ to help secure the confidentiality and integrity of information.
program
The _____ security policy is a planning document that outlines the process of implementing security in the organization.
defend control
The _____ strategy attempts to prevent the exploitation of the vulnerability.
transfer control
The _____ strategy attempts to shift risk to other assets, other processes, or other organizations.
Accept control
The _____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
IR
The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the _____ plan.
Risk Identification
The first phase of risk management is _____.
CBA
The formal decision making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) _____.
dumpster diving
There are individuals who search trash and recycling - a practice known as _____ - to retrieve information that could embarrass a company or compromise information security.
standard of due care
When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) _____.
DR
_____ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.
system specific
_____ policies address the particular use of certain systems.
MAC
_____ addresses are sometimes called electronic serial numbers or hardware addresses.
risk
_____ equals likelihood of vulnerability occurrence times value minus already controlled plus an element of uncertainty.
operational
_____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.
confidential
In the U.S. military classification scheme, _____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
ARO
_____ is simply how often you expect a specific type of attack to occur.
Risk Control
_____ is the application of control to reduce the risk to an organization's data and information.
general
The _____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.
disadvantage
The concept of competitive _____ refers to falling behind the competition.
five
The military uses a _____-level classification scheme.