CISSP ch 2 Flashcards
(37 cards)
IAM
identity and access management
Provision the account and assign necessary privileges and access
AUP
acceptable use policy
UBA
User behavior analytics
UEBA
User and entity behavior analytics
VMS
Vendor management system
Software that assists with the management and procurement of staffing services, hardware, software, and other needed products and services
PCI DSS
Payment Card Industry Data Security Standard
FERPA
Family Educational Rights and Privacy Act
AV
Asset value
EF
exposure factor
Risk
Possibility that a threat will exploit a vulnerability to cause harm to an asset and the severity of damage that could result
Threat × vulnerability
Probability of harm × severity of harm
Attack
Intentional attempt to exploit a vulnerability to cause damage, loss or disclosure of assets
Breach
Successful attack
Intrusion, penetration
ACS
Annual cost of safeguard
SCA
security control assessment
Formal evaluation of a security infrastructure’s individual mechanisms against a baseline or reliability expectation
ERM
enterprise risk management
RMM
risk maturity model, 5 levels
Ad hoc, preliminary, defined, integrated, optimized
RMM lv 1
Ad hoc
Chaotic starting point
RMM lv 2
Preliminary
Loose attempts to follow risk management processes; each department may perform risk assessment uniquely
RMM lv 3
Defined
A common or standardized risk framework is adopted org-wide
RMM lv 4
Integrated
Risk management operations are integrated into business processes
Metrics are used to gather effectiveness data
Risk is considered an element in business strategy
RMM lv 5
Optimized
Focus on achieving objectives rather than just reacting to external threats
Increased strategic planning
Lessons learned are reintegrated into risk management process
EOL
End of life
EOS / EOSL
End of support / end of service life
RMF
NIST Risk Management Framework, 6 cyclical phases
Prepare
Categorize (systems)
Select (controls)
Implement (controls)
Assess (controls)
Authorize (system)
Monitor (system and controls)