Security Ch 4


What is the difference between a BCP and DRP?

A DRP is part of a BCP

What is the Project Management Body of Knowledge (PMBOK)?

A collection of the knowledge and best practices of the project management profession.

What is meant by risk register?

A list of identified risks that results from the risk-identification process.

Which of the following best describes quantitative risk analysis?

A risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.

A ___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.

BCP

A ___________ will help identify not only which functions are critical, but also how quickly essential business functions must return to full operation following a major interruption.

BIA

The recovery point objective (RPO) identifies the amount of _________ that is acceptable.

Data loss

The __________ is the proportion of an asset's value that is likely to be destroyed by a particular risk.

EF

____ tests interrupt the primary data center and transfer processing capability to an alternate site.

Full-interruption

The formal process of monitoring and controlling risk focuses on _____________ new risks.

NOT analyzing

The process of managing risks starts by identifying __________.

Risk

Any organization that is serious about security will view ___________ as an ongoing process.

Risk management

________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.

Security gap

RTO identifies the maximum allowable ________ to recover the function.

Time

(T/F) Having too many risks in the risk register is much better than overlooking any severe risk that does occur.

True

(T/F) Single loss expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE = Resource Value × EF.

True

(T/F) The first step in a vulnerability assessment is to determine the assets that need to be protected.

True

(T/F) The term annual rate of occurrence (ARO) describes the annual probability that a stated threat will be realized.

True

(T/F) The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

True

The recovery point objective (RPO) identifies the amount of _____ that is acceptable.

data loss

______ is rapidly becoming an increasingly important aspect of enterprise computing.

disaster recovery

What name is given to a risk-analysis method that uses relative ranking to provide further definition of the identified risks in order to determine responses to them?

qualitative risk analysis

(T/F) Most enterprises are essentially prepared for a disaster when it happens.

False

(T/F) Qualitative risk analysis is a list of identified risks that results from the risk-identification process.

False

(T/F) Residual risk is a risk-analysis method that uses mathematical formulas and numbers to assist in ranking risk severity.

False

(T/F) The Delphi method is the estimated loss due to a specific realized threat. The formula to calculate this loss is =SLE × ARO.

False

(T/F) The annual probability that a stated threat will be realized is called a security gap.

False

(T/F) The term risk methodology refers to a list of identified risks that results from the risk-identification process.

False

How often should an organization perform a risk management plan?

NOT annually

(T/F) The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

True

Information security activities directly support several common business drivers, including ________ and efforts to protect intellectual property.

compliance

