Chapter 8

An organization knows that a risk exists and has decided that the cost of reducing it is higher than the loss would be. This can include self-insuring or using a deductible. This is categorized as ________. 259

risk acceptance

A company can discontinue or decide not to enter a line of business if the risk level is too high. This is categorized as ________. 259

risk avoidance

What term is used to describe something built in or used in a system to address gaps or weaknesses in the controls that could otherwise lead to an exploit?

safeguard

It is necessary to create and/or maintain a plan that makes sure your company continues to operate in the face of disaster. This is known as a ________. 250

business continuity plan

The ________ is a simple review of a plan by managers and the business continuity team to make sure that contact numbers are current and that the plan reflects the company's priorities and structure. 268

checklist test

Forensics and incident response are examples of ___________ controls. 263

corrective

A measure installed to counter or address a specific threat is the definition of ________. (vocab)

countermeasure

An intrusion detection system (IDS) is an example of ___________ controls. 263

detective

A(n) ________ is a measurable occurrence that has an impact on the business. 251

event

Among common recovery location options, this is one that can take over operations quickly. It has all the equipment and data already staged at the location, though you may need to refresh or update the data. 276

hot site

Notification, response, recovery and follow-up, and documentation are all components of what process? 271

incident handling

What term is used to describe the probability that a potential vulnerability might be exercised within the construct of an associated threat environment? 251

likelihood

You must consider many factors when evaluating countermeasures. Countermeasures might generate more calls to the help desk, slower response times for users, and so on. This is referred to as ________. 262

productivity impact

A countermeasure, without a corresponding __________, is a solution seeking a problem; you can never justify the cost. 250

risk

The ________ identifies staff reaction and response times as well as inefficiencies or previously unidentified vulnerabilities. All members of the staff involved in operations or procedures participate in the test. 268

simulation test

A control that is carried out or managed by a computer system is the definition of ________. 263

technical control

An attacker or event that might exploit a vulnerability is a(n) ____________. 251

threat source (1)

A(n) ________ is an intent and method to exploit a vulnerability. 251

threat source (2)

A _____________ is a flaw or weakness in a system's security procedures, design, implementation, or internal controls.

vulnerability

A threat source can be a situation or method that might accidentally trigger a(n) ____________. 251

vulnerability

A _________ determines the extent of the impact that a particular incident would have on business operations over time. 266

BIA

____________ is exercised by frequently evaluating whether countermeasures are performing as expected. 262

Due diligence

________ represents the percentage of the asset value that will be lost if an incident were to occur. 256

Exposure factor (EF)

_________ refers to the amount of harm a threat can cause by exploiting a vulnerability. 251

Impact

________ attempts to describe risk in financial terms and put a dollar value on all the elements of a risk. 255

Quantitative risk analysis

___________ is the likelihood that a particular threat exposes a vulnerability that could damage your organization. 250

Risk

________ is a risk management phase that includes assessment of various types of controls to mitigate the identified risks, selection of a control strategy, and justification of the choice of controls. 253

Risk assessment

________ allows an organization to transfer risk to another entity. Insurance is a common way to reduce risk. 259

Risk assignment

________ uses various controls to reduce identified risks. These controls might be administrative, technical, or physical. 258

Risk mitigation

A control involved in the process of developing and ensuring compliance with policy and procedures is the definition of ________. (vocab)

administrative control

How your organization responds to risk reflects the value it puts on its ___________. 248

assets
