IS 413 Module 7
_____ is simply how often you expect a specific type of attack to occur. CBA / ALE / SLE / ARO
Annualized rate of occurrence (ARO)
The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) _____. ALE / CBA / SLE / ARO
Cost Benefit Analysis (CBA)
A(n) _____ scheme is a formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it. risk management / data recovery / security clearance / data classification
Data Classification
The concept of competitive _____ refers to falling behind the competition. disadvantage / shortcoming / drawback / failure
Disadvantage
"Know the enemy" means identifying, examining, and understanding the competition facing the organization. True False
False
According to Sun Tzu, if you know yourself and know your enemy, you have an average chance to be successful in an engagement. True False
False
Identifying human resources, documentation, and data information assets of an organization is easier than identifying hardware and software assets. True False
False
Risk mitigation is the process of assigning a risk rating or score to each information asset. True False
False
Risk perception is the assessment of the amount of risk an organization is willing to accept for a particular information asset, typically part of the risk appetite. True False
False
_____ addresses are sometimes called electronic serial numbers or hardware addresses. IP / DHCP / HTTP / MAC
MAC
Which of the following is NOT one of the categories recommended for categorizing information assets? People / Hardware / Firmware / Procedures
People
Establishing a competitive business model, method, or technique enables an organization to provide a product or service that is superior and creates a(n) competitive advantage. True False
True
If the acceptance risk treatment strategy is used to handle every vulnerability in the organization, its managers may be unable to conduct proactive security activities and may portray an apathetic approach to security in general. True False
True
Likelihood is the probability that a specific vulnerability within an organization will be the target of an attack. True False
True
Risk acceptance defines the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility. True False
True
Some information security experts argue that it is virtually impossible to determine the true value of information and information-bearing assets. True False
True
The identification, analysis, and evaluation of risk as initial parts of risk management is called risk assessment. True False
True
The mitigation risk treatment strategy applies controls and safeguards that eliminate or reduce the remaining uncontrolled risk. True False
True
When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts. True False
True
In a _____, assets or threats can be prioritized by identifying criteria with differing levels of importance, assigning a score for each of the criteria, and then summing and ranking those scores. threat assessment / data classification scheme / weighted table analysis / risk management program
Weighted table analysis