Chapter 2 - Risk Flashcards
(4 cards)
Privacy Addressed?
Must be addressed when allowing or restricting personal email use, retaining email, recording phone conversations, gathering info about surfing or spending habits, etc.
Risk Analysis
○ Asset - anything to be protected, anything used in business process or task
○ Asset Valuation - $ amount assigned to asset based on actual cost and nonmonetary expenses
○ Threats - any potential occurrence that may cause an undesirable or unwanted outcome for an org or for a specific asset
○ Vulnerability - weakness in an asset or absence or weakness of safeguard
○ Exposure - being susceptible to asset loss because of a threat
○ Risk - possibility or likelihood that a threat will exploit a vuln to cause harm to an asset.
○ Safeguards/Countermeasure - anything that removes or reduces a vuln or protects against one or more threats.
○ Attack - exploitation of a vuln by a threat agent
○ Breach - security mechanism bypassed or thwarted by threat agent
Controls Gap
Difference between risk and residual risk.
Amount of risk reduced by implementing safeguards
Risk Mgmt Framework
- Categorize - Information systems
- Select - Security controls
- Implement - Security controls
- Assess - Security controls
- Authorize - Information system
- Monitor - Security controls