Chapter 9

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

(T/F) Risks can be avoided by countering the threats facing an asset or by eliminating the exposure of an asset.

True

(T/F) The ISO 27005 Standard for InfoSec Risk Management includes a five-stage management methodology; among them are risk treatment and risk communication.

True

(T/F) The criterion most commonly used when evaluating a strategy to implement InfoSec controls and safeguards is economic feasibility.

True

(T/F) Unlike other risk management frameworks, FAIR relies on the qualitative assessment of many risk components using scales with value ranges.

True

The Microsoft Risk Management Approach includes four phases. Which of the following is NOT one of them?

InfoSec community analysis

Strategies to limit losses before and during a disaster is covered by what in the mitigation control approach?

disaster recovery plan

What should each information asset-threat pair have at a minimum that clearly identifies any residual risk that remains after the proposed strategy has been executed?

documented control strategy

What is a step in Stage 2 - Evaluate Loss Event Frequency of the FAIR risk management framework?

estimate control strength

The __________ level and an asset's value should be a major factor in the risk control strategy selection.

threat

The ____________________ risk control strategy attempts to shift the risk to other assets, processes, or organizations.

transferal

In which technique does a group rate or rank a set of information, compile the results and repeat until everyone is satisfied with the result?

Delphi

What is NOT a valid rule of thumb on risk control strategy selection?

When the attacker's potential gain is less than the costs of attack: Apply protections to decrease the attacker's cost or reduce the attacker's gain, by using technical or operational controls.

The goal of InfoSec is not to bring residual risk to zero; rather, it is to bring residual risk in line with an organization's risk ___________.

appetite

What is usually determined by valuing the information asset or assets exposed by the vulnerability and then determining how much of that value is at risk, and how much risk exists for the asset.

benefit

What is the result of subtracting the post-control annualized loss expectancy and the ACS from the pre-control annualized loss expectancy?

cost-benefit analysis

Application of training and education is a common method of which risk control strategy?

defense

When a vulnerability (flaw or weakness) exists in an important asset, implement security controls to reduce the likelihood of a vulnerability being ___________.

exploited

The NIST risk management approach includes all but what element?

inform

Which of the following affects the cost of a control?

maintenance

The risk control strategy that seeks to reduce the impact of a successful attack through the use of IR, DR and BC plans is ____________________ .

mitigation

What describes an organization's efforts to reduce damage caused by a realized incident or disaster?

mitigation

What does FAIR rely on to build the risk management framework that is unlike many other risk management frameworks?

qualitative assessment of many risk components

What can be described as the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility?

risk appetite

The ISO 27005 Standard for Information Security Risk Management includes five stages including all but what?

risk determination

By multiplying the asset value by the exposure factor, you can calculate what?

single loss expectancy


Set pelajaran terkait

Practice T2, EAQ #6 Nursing Process/sexuality, N204 Practice Quizes, Fundamentals Quiz, Health and Physical Assessment, Leadership EAQ's, EAQ NCLEX, Maternity Chap 28, Maternity and Women's Health Nursing - Newborn, Nur 106- Module G2, Pediatric Grow...

View Set

Present Simple vs Present Continuous

View Set

Electrical: NEC Level 4, Entire Second Semester

View Set

Sociology Chapter 1, 2 & 3 Concept Checks

View Set

Hematology and Oncologic Complications

View Set