Chapter 1 - Measuring and Weighing Risk Flashcards

Flashcards in Chapter 1 - Measuring and Weighing Risk Deck (25):
1

Rene

What is the Risk Calculator?

page 5.
SLE x ARO = ALE => (AV x EF) x ARO = ALE
ALE = Annual Loss Expectancy, measures how much loss you could expect in a year.
ARO = Annualized Rate of Occurrence
SLE = Single Loss Expectancy, represents how much you expect to lose at any one time.
AV = Asset Value
EF = Exposure Factor

2

What are Threat Vectors?

page 8.
The way in which an attacker poses a threat.
Can be anything from a fake email that lures you into clicking (phishing) to an unsecured hotspot.

3

What is the measure of the anticipated incidence of failures for a system or component?

page 8
Mean Time Between Failures (MTBF)

4

What is Risk Assessment?

page 3
Deals with the threats, vulnerabilities and impacts of a loss of information-processing capabilities or a loss of information itself.

5

What is the best way to explain quantitative and qualitative?

page 7
Quantitative - think of the goal as determining a dollar amount

Qualitative - think of a best guess or opinion of the loss, including reputation, goodwill and irreplaceable information, pictures or data that get you to a subjective loss amount.

6

What is the average time to failure for a non-repairable system?

page 8
Mean Time to Failure (MTTF)

7

What involves identifying a risk and making the decision to no longer engage in the actions associated with that risk?

page 9
Risk Avoidance

8

What is the maximum amount of time that a process or service is allowed to be down and the consequences still be considered acceptable?

page 9
Recovery Time Objective (RTO)

9

What does not imply shifting the risk completely to another entity?

page 9
Risk Transference
The burden of the risk is shared with someone else, such as an insurance company.

10

What is similar to RTO, but it defines the point at which the system needs to be restored?

page 9
Recovery Point Objective (RPO)

11

How is Risk Mitigation Achieved?

page 9
Any time you take steps to reduce risk, for example:
* antivirus software
* educating users
* monitoring network traffic
* adding a firewall

12

What is the measure of how long it takes to repair a system or component once a failure occurs?

page 8
Mean Time to Restore (MTTR)

13

What can be achieved by posting prosecution policies on your login pages and convincing attackers that you have steps in place to identify intrusions and act on them?

page 10
Risk Deterrence

14

What is it called when you choose not to implement any risk prevention due to its cost, and instead agree to accept the potential costs or damage?

page 10
Risk Acceptance

15

What is cloud computing, and what are some examples?

page 17
Hosts services and data on the Internet instead of hosting them locally.

Office 365, Google Docs

Google Drive, SkyDrive, Amazon Web Services

16

What is IaaS?

page 17
Infrastructure as a Service
* utilizes virtualization, and clients pay an outsourcer for the resources used
* closely resembles the traditional utility model used by electric, gas and water providers
* GoGrid is a well-known example

17

What is SaaS?

page 17
Software as a Service
* applications are run remotely over the Web; the big advantage is that no HW is required
* the best-known model of this type is Salesforce.com

18

What is PaaS?

page 17
Platform as a Service
* AKA cloud platform services
* vendors allow apps to be created and run on their infrastructure
* two well-known models are Amazon Web Services and Google Code

19

What defines what controls are required to implement and maintain the sanctity of data privacy in the work environment?

page 24
Privacy Policies
Think of the privacy policy as a legal document that outlines how the data collected is secured.

20

What describes how the employees in an organization can use company systems and resources, both SW and HW?

page 24
Acceptable Use Policies, AKA "use policy"
* when portable devices are plugged directly into a PC, they bypass security measures (such as firewalls) and allow data to be copied in what is known as "pod slurping"
* this can also happen if employees start using free cloud drives instead

21

What are Security Policies?

page 25
They define what controls are required to implement and maintain the security of systems, users and networks.

22

What policy requires all users to take time away from work to refresh?

page 25
Mandatory Vacation

23

What is BIA?

page 29
Business Impact Analysis
The process of evaluating all the critical systems in an organization to define their impact and recovery plans.

24

What refers to the measures used to keep services operational during an outage?

page 32
High Availability

25

What refers to systems that either are duplicated or "fail over" to other systems in the event of a malfunction?

page 32
Redundancy