Chapter 8

Which of the following is a network device attribute that is tied to the network interface?

MAC address

What attribute does NOT apply to software information assets?

Physical location

The identification and assessment of levels of risk in an organization describes which of the following?

Risk analysis

Determining the cost of recovery from an attack is one calculation that must be made to identify risk. What is another?

cost of prevention

Assessing risks includes determining the ____________________ that vulnerable systems will be attacked by specific threats.

likelihood

What is the final step in the risk identification process?

listing assets in order of importance

Risk ____________ is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be mitigated.

management

What is an example of a technological obsolescence threat?

outdated servers

As each information asset is identified, categorized, and classified, a ________ value must also be assigned to it.

relative

The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability is the definition of what?

risk assessment factors

An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?

uncertainty

What is NOT among the typical columns in the ranked vulnerability risk worksheet?

uncertainty percentage

What is defined as specific avenues that threat agents can exploit to attack an information asset?

vulnerabilities

Two of the activities involved in risk management include identifying risks and assessing risks. What activity is part of the risk assessment process?

Calculating the risks to which assets are exposed in their current setting

Two of the activities involved in risk management include identifying risks and assessing risks. What is part of the risk identification process?

Calculating the risks to which assets are exposed in their current setting.

Each manager in the organization should focus on reducing risk. This is often done within the context of one of the three communities of interest, which includes all but which of the following?

Executive management must develop corporate-wide policies

(T/F) Having an established risk management program means that an organization's assets are completely protected.

False

(T/F) MAC addresses are considered a reliable identifier for devices with network interfaces, since they are essentially foolproof.

False

Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset-identification using this attribute difficult?

IP address

What distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?

Manufacturer's part number

(T/F) Some threats can manifest in multiple ways, yielding multiple vulnerabilities for an asset-threat pair.

True

(T/F) The Australian and New Zealand Risk Management Standard 4360 uses qualitative methods to determine risk based on a threat's probability of occurrence and expected results of a successful attack.

True

Classification categories must be ____________________ and mutually exclusive.

comprehensive

Classification categories must be mutually exclusive and what?

comprehensive

As part of the risk identification process, listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.

factor analysis

