Bus 400 Ch. 5


The military uses a ____-level classification scheme.

5

____ is simply how often you expect a specific type of attack to occur.

ARO

The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

Accept control

The formal decision-making process used when considering the economic feasibility of implementing information security controls and safeguards is called a(n) ____.

CBA

Risk ____ is the application of controls to reduce the risks to an organization's data and information systems.

Control

____ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.

DR

The concept of competitive ____ refers to falling behind the competition.

Disadvantage

Management of classified data includes its storage and ____.

Distribution, portability, and destruction (All of the above)

There are individuals who search trash and recycling — a practice known as ____ — to retrieve information that could embarrass a company or compromise information security.

Dumpster diving

A(n) ____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.

FCO

The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the ____ plan.

IR

____ addresses are sometimes called electronic serial numbers or hardware addresses.

MAC

____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.

Operational

____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.

Risk

The first phase of risk management is ____.

Risk identification

____ policies address the particular use of certain systems.

Systems-specific

Risk ____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.

appetite

In the U.S. military classification scheme, ____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national

confidential

Many corporations use a ____ to help secure the confidentiality and integrity of information.

data classification scheme

The ____ strategy attempts to prevent the exploitation of the vulnerability.

defend

The ____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.

general

The ____ security policy is a planning document that outlines the process of implementing security in the organization.

program

When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a(n) ____.

standard of due care

The ____ strategy attempts to shift risk to other assets, other processes, or other organizations.

transfer control

In a(n) ____, each information asset is assigned a score for each of a set of assigned critical factors.

weighted factor analysis

