Cyber Security Glossary Terms Flashcards

(103 cards)

1
Cyber Security
The protection of digital devices and their communication channels to keep them stable, dependable, and reasonably safe from danger or threat. Usually the required protection level must be sufficient to prevent or address unauthorized access or intervention before it can lead to substantial personal, professional, organisational, financial and/or political harm.
2
Digital Device
Any electronic appliance that can create, modify, archive, retrieve, or transmit information in an electronic format. Desktop computers, laptops, tablets, smartphones and internet-connected home devices are all examples of digital devices.
3
Defense in Depth
The use of multiple layers of security techniques to help reduce the chance of a successful attack. The idea is that if one security technique fails or is bypassed, there are others that should address the attack. The latest (and correct) thinking on defence in depth is that security techniques must also consider people and operations (for example, processes) factors and not just technology.
4
Virus
A form of malicious software that spreads by infecting (attaching itself to) other files and usually seeks opportunities to continue the pattern. Viruses are now less common than other forms of malware. Viruses were the main type of malware in very early computing. For that reason, people often refer to something as a virus when it is technically another form of malware.
5
Cryptanalysis
The art of examining ciphered information to determine how to circumvent the technique that was used to encode or hide it. Analysing ciphers.
6
Cloud
An umbrella term used to identify any technology service that uses software and equipment not physically managed or developed by the person or org using it. This usually provides advantages of on-demand scalability at low cost. Examples include applications that are hosted online, online file storage areas, and even remote virtual computers. Using cloud computing means the equipment managing the service is run by the cloud provider and not the customer. Usually a cloud service is indicated by an ‘aaS’ suffix. For example, SaaS (software as a service), IaaS (infrastructure as a service), and PaaS (platform as a service).
7
Vulnerability
A weakness that could be compromised and result in damage or harm.
8
Vector
Another word for ‘method’, as in ‘they used multiple vectors for the attack’.
9
Bleeding edge
Using inventions so new that they are likely to cause damage to those using them before they become stable and safe.
10
Control
A method of regulating something, often a process or behaviour, to achieve a desired outcome, usually resulting in a reduction of risk. Depending on how it is designed and used, any single control may be referred to as preventative, detective or corrective.
11
Cyber insecurity
Suffering from concern that weaknesses in your cyber security are going to cause you personal or professional harm.
12
Hacker
A person who engages in attempts to gain unauthorised access to one or more digital devices.
13
Cyber attack
To take aggressive or hostile action by leveraging or targeting digital devices. The intended damage is not limited to the digital environment.
14
Exploit
To take advantage of a security vulnerability. Well known exploits are often given names. Falling victim to a known exploit with a name can be a sign of low security, such as poor patch management.
15
Threat actors
An umbrella term to describe the collection of people and orgs that work to create cyber attacks. Examples of threat actors can include cyber criminals, hacktivists and nation states.
16
Patch management
A controlled process used to deploy critical, interim updates to software on digital devices. The release of a software ‘patch’ is usually in response to a critical flaw or gap that has been identified. Any failure to supply new interim software updates promptly can leave open security vulnerabilities in place. As a consequence, promptly applying these updates is considered a critical component of maintaining effective cyber security.
17
Malware
Malicious software. A term used to describe the insertion of disruptive, subversive or hostile programs onto a digital device. These can be intentional or unintentional. Intentional versions are usually disguised or embedded in a file that looks harmless. There are many types of malware; adware, botnets, computer viruses, ransomware, scareware, spyware, trojans and worms are all examples of intentional malware. Hackers often use malware to mount cybersecurity attacks.
18
Botnet
Robotic network. A connected set of programs designed to operate together over a network to achieve specific purposes. The purpose can be good or bad. Some programs of this type are used to help support internet connections; malicious uses include taking over control of some or all of a computer’s functions to support large-scale service attacks. Botnets are sometimes referred to as zombie attacks.
19
Incident response
A prepared set of processes that should be triggered when any known or suspected event takes place that could cause material damage to an org. The typical stages are (i) verify the event is real and identify the affected areas, (ii) contain the problem (usually by isolating, disabling, or disconnecting the affected pieces), (iii) understand and eradicate the root cause, (iv) restore the affected components to their fixed state and (v) review how the process went to identify improvements that should be made. An incident response may also be required to trigger other response procedures, such as a breach notification procedure, if any information has been lost that is subject to a notification requirement.
20
Breach notification procedure
Some types of info, when suspected or known to be lost or stolen, must, by law, be reported to one or more authorities within a defined period. The required notification time period varies by regulator, but is often within 24 hours. In addition to reporting the known or suspected loss, the lead organisation responsible for the info (data owner) is required to swiftly notify those affected, and later on, to submit a full root cause analysis and info about how they have responded and fixed the issues. To meet these legal obligations, larger companies usually have a pre-defined breach notification procedure to ensure that the timelines are met. The fines for data breaches are usually increased or decreased based on the adequacy of the org’s breach and incident response management.
21
Exfiltrate
To move something with a degree of secrecy sufficient not to be noticed. Used to describe moving stolen data unnoticed through detection systems.
22
Firewall
Hardware or software used to monitor and protect inbound and outbound data. It achieves this by applying a set of rules. These physical devices or computer programs are usually deployed, at a minimum, at the perimeter of each network access point. Software firewalls can also be deployed on devices to add further security. The rules applied within a firewall are known as the firewall policy. Advanced firewalls are often equipped with other defensive features typical of more unified threat management.
23
Governance
The methods used by an executive to keep his or her org on track with the management’s goals and within acceptable performance standards. This is usually achieved by establishing policies, procedures and controls that match the enterprise’s vision, strategy and risk appetite.
24
Chief Information Security Officer (CISO)
A single point of accountability in any org for ensuring that an appropriate framework for managing dangers and threats to electronic and physical info assets is operating and effective.
25
Policy
(i) a high level statement of intent, often a short document, that provides guidance on the principles an org follows. For example, a basic security policy document could describe the intention for an enterprise to ensure that all locations (physical and electronic) where information for which they are accountable must remain secure from any unauthorised access. A policy does not usually describe the explicit mechanisms or specific instructions that would be used to achieve or enforce the intentions it expresses; this would be described in a procedure. (ii) alternatively, it can also be used to mean the settings (including security settings) inside a software program or operating system.
26
Procedure
Provides guidance or specific instructions on the process (method) that should be used to achieve an objective. Traditionally provided as a document provided to appropriate personnel, but increasingly replaced by instructions that are built into computer systems to enforce required steps. In a traditional quality model, procedures may reside under a policy as an explicit instruction for meeting a particular policy objective.
27
Risk
A situation involving exposure to significant impact or loss. In formal frameworks, risk can be quantified using probability and impact. Other parameters for risk can include proximity (how soon the potential risk may be encountered) and info about which assets, services, products and processes could be affected.
28
Denial of Service (DoS)
An attack designed to stop or disrupt people’s use of an org’s systems. Usually, a particular section of an enterprise is targeted; for example, a specific network, system, digital device type or function. These attacks usually originate from, or are targeted at, devices accessible through the internet. If the attack is from multiple source locations, it is referred to as a DDoS attack.
29
Data Loss Prevention
Can describe both (i) the tech and (ii) strategies used to help stop info from being taken out of an org without appropriate authorisation. Software technologies can use heuristics (patterns that fit certain rules) to recognise, alert and/or block data extraction activities on digital devices. For example, a DLP technology may prohibit specific types of file attachments from being sent out via internet mail services. These technologies can also prevent or monitor many other attempts at removing or copying data. There are workarounds that can be used by skilled hackers to evade detection by these solutions, such as using encryption and fragmentation. Although these solutions are becoming an essential line of defence, the most secure environments aim to prevent any significant set of data from being available for export in the first place. For this reason, DLP is thought of as the last line of defence.
30
Privileged account management
The systems, tech and processes used to monitor and control the activities of privileged accounts.
31
Ethical hacking
The process by which supportive (white hat) penetration testing experts assist in finding security weaknesses and vulnerabilities.
32
Red team
When testing for potential exploits affecting any critical or sensitive system, infrastructure or websites, a team of penetration testers is usually used. This term is used to describe a group of penetration testers working together on this type of objective.
33
Penetration test
Checks and scans on any application, system or website to identify any potential security gaps (vulnerabilities) that could be exploited. Once the vulnerabilities are identified, this process then goes on to identify the extent to which these vulnerabilities could be leveraged in an attack (penetration possibilities). Usually these checks are performed in a test area and emulate the same techniques that could be used by an attacker. This is to prevent any inadvertent operational disruption. The checks are typically conducted before any application or site is first used, and also on a periodic basis. Any significant gaps must be addressed in a timeframe appropriate to the scale of the risk. Not to be confused with the term vulnerability assessment, which only identifies gaps without examining how they could be leveraged.
34
Penetration tester
A person who performs simulated attempts at attack on a target system or application on behalf of the org that owns or controls it.
35
Vulnerability assessment
The identification and classification of security gaps in a computer, software application, network or other section of a digital landscape. This is usually a passive identification technique that aims only to identify the gaps, without exploring how these gaps could be used in an attack. This should not be confused with a penetration test, which will go on to explore how any vulnerabilities can be exploited.
36
Zero day
The first time a new type of exploit or new piece of malware is discovered. At that point in time, none of the anti-virus, anti-malware or other defences may be set up to defend against the new form of exploit.
37
Backdoor
A covert method of accessing software or a device that bypasses normal authentication methods.
38
Business Continuity Plan
An operational document that describes how an org can restore its critical products or services to its customers, should a substantial event that causes disruption to normal operations occur.
39
Technical Disaster Recovery Plan
An operational document that describes the exact process, people, info and assets required to put any electronic or digital system back in place within a timeline defined by the BCP. If there are multiple BCPs that reference it, the restoration time used must meet the shortest time.
40
USB
Universal Serial Bus. Standard connector that exists on most computers, smartphones, tablets and other physical devices that allows other electronic devices to be connected.
41
Encryption
The act of encoding messages so that if they are intercepted by an unauthorised party, they cannot be read unless the encoding mechanism can be deciphered.
43
Information Classification
The assignment of one or more values to a collection of knowledge that help us to understand how alike it is to any other set of knowledge. For IS, this is usually achieved by assigning values against confidentiality, integrity and availability, or CIA. A fourth category, consent, is also sometimes used when the set of knowledge includes info on private individuals. The assignment of categories can then be used to more easily select the security and recovery approach appropriate to the information’s value and impact.
44
Confidentiality
The assignment of a value to a set of information to indicate the level of secrecy and the access restrictions required to prevent unauthorised people from viewing it. A typical example of a confidentiality scale is: (i) public use, (ii) internal use, (iii) confidential, (iv) strictly confidential and (v) restricted.
45
Integrity
A value that can be assigned to a set of info to indicate how sensitive it is to degradation of accuracy or data loss. Loss in this context is about losing information without the ability for anyone to recover it from the system it was entered into. This value is often expressed or translated into a scale of time. The integrity value assigned to any system or application is used to set the frequency that the information is subject to backup, or in very sensitive systems with no data loss permitted, establishes the need for a permanent security failover system.
46
Availability
The assignment of a value to a set of information to indicate how much disruption or outage the owner considers acceptable. This is often expressed or translated into a scale of time. Data with the highest possible availability rating would be required to be readily accessible at all times, often through the use of a fully resilient redundant failsafe.
47
Consent
When personal electronic info is involved, there are often legal constraints that govern how the data can be used and where the info can be viewed, stored, transmitted or otherwise processed. In these circumstances, permission is often required from each individual to specify which information can be collected, where it can be processed and for how long it will be retained. These permissions can be represented by a series of tags on individual records or on the full data set. The attributes that require explicit permission may include, but are not limited to, country of origin, permission for export, limitations of use, retention and notification requirements.
48
Technical control
The use of an electronic or digital method to influence or command how something like a digital device can or cannot be used. For example, removing the ability to cut or paste info on a smartphone is a technical control that can be used to minimise security risks.
49
Procedural control
An instruction during a sequence of required steps to limit how something is or is not permitted to be used.
50
Legal control
The use of legislation to help promote and invest in positive security methods and also deter, punish and correct infringements.
51
Control modes
An umbrella term for preventative, detective and corrective methods of defence; each of these methods represents a different time posture. Preventative controls are designed to stop an attack before it is successful, detective controls are designed to monitor and raise an alert during a potential compromise, and corrective controls are the rectification of an issue after an event.
52
Advanced Persistent Threats (APTs)
A term used to describe the tenacious and highly evolved set of tactics used by hackers to infiltrate networks through digital devices and to then leave malicious software in place for as long as possible.
53
Single Point of Accountability (SPA or SPOA)
The principle that all critical assets, processes and actions must have clear ownership and traceability to a single person. The rationale is that the absence of a defined, single owner is a frequent cause of process or asset protection failure. Shared ownership is regarded as a significant security gap due to the consistent demonstration that security flaws have an increased probability of persisting when more than one person is accountable.
54
Social Engineering
The art of manipulating people through personal information to gain unauthorised access to something.
55
Attack Surface
The sum of the different points where an unauthorised user (the attacker) can try to enter data into or extract data from an environment.
56
Network Segmentation
Splitting a single collection of devices, wiring and applications that connect, carry, broadcast, monitor or safeguard data into smaller sections. This allows for more discrete management of each section, allowing greater security to be applied in sections with the highest value, and also limiting the impact of a malware infection or other disruptive event to the affected sections.
57
Infection
Unwanted invasion by an outside agent that an attacker uses to create damage or disruption.
58
Persistence
To seek continued existence despite opposition.
59
Master Boot Record
The first sector on any electronic device that defines which operating system should be loaded when it is initiated or restarted.
60
Exploit
To take advantage of a vulnerability.
61
Buffer Overflow
Exceeding the region of electronic memory used to temporarily store data when it is being moved between locations. This process is used by some forms of malware to exploit an electronic target.
62
Shell Access
Command level permission to perform executive control over an electronic device.
63
Bot Herder
A hacker who uses automated techniques to seek vulnerable networks and systems. The bot herder’s initial goal is to install or find bot programs that can be used to achieve a particular purpose. Once one or more bots are in place, the hacker can control these programs to perform a larger objective, such as stealing, corrupting, and/or disrupting information, assets, and services.
64
Bot
A computer program designed to perform specific tasks. They are usually simple, small and designed to perform fast, repetitive tasks. When the purpose of the program conflicts with an org’s goals and needs, a bot can be considered to be a form of malware.
65
Decapitation
Preventing any compromised device from being able to communicate, receive instruction, send info or spread malware to other devices. This can effectively render many forms of malware ineffective because it removes any command, control or theft benefit. This is often a stage during threat removal.
66
Ransomware
A form of malicious software that prevents or restricts usage of one or more digital devices or applications or renders a collection of electronic data unreadable until a sum of money is paid.
67
Host Based
Describes a situation in which something is installed immediately on the device it is protecting, servicing or subverting.
68
Network Based
Describes a situation in which something is installed to protect, serve or subvert the community of devices, wiring and applications used to connect, carry, broadcast, monitor or safeguard information.
69
Endpoint
Any electronic device that can be used to store or process info. Laptops, smartphones and even smart watches are all examples.
70
Anti Malware
Computer program designed to look for specific files and behaviours (signatures) that indicate the presence of the attempted installation of malicious software. If or when detected, the program seeks to isolate the attack (quarantine or block the malware), remove it, if it can, and also alert appropriate people to the attempt or to the presence of the malware. The program can be host based (installed on devices used by people) or network based (installed on gateway devices through which info is passed). Older forms of the software could detect only specific, pre-defined forms of malicious software using signature files. Newer forms use machine learning and make use of additional techniques including behaviour monitoring.
71
Signatures
The unique attributes (for example, file size, file extension, data usage patterns and method of operation) that identify a specific computer program. Traditional anti-malware and other security technologies can make use of this information to identify and manage some forms of rogue software communications.
72
Firewall
Hardware or software used to monitor and protect inbound and outbound data. It achieves this by applying a set of rules. These physical devices or computer programs are usually deployed, at a minimum, at the perimeter of each network access point. Software firewalls can also be deployed on devices to add further security. The rules applied within a firewall are known as firewall policy. Advanced firewalls are often equipped with other defensive features typical of more unified threat management.
73
Protocol
A set of established rules used to send info between different locations. Protocols provide a standard that can be used to send or receive information in an expected and understandable format, including information about the source, destination, and route. Examples of protocols include internet protocol (IP), hypertext transfer protocol (HTTP), file transfer protocol (FTP), transmission control protocol (TCP), border gateway protocol (BGP), and dynamic host configuration protocol (DHCP).
74
Internet Protocol
The set of rules used to send or receive information from or to a location on a network, including information about the source, destination and route. Each electronic location (host) has a unique address (the IP address) that is used to define the source and the destination.
75
Port Number
Used as part of an electronic communication to denote the method of communication being used. This allows the packet to be directed to a program that will know what to do with it.
76
Packet
A bundle of electronic info grouped together for transmission. The bundle usually includes control info to indicate the destination, source and type of content, and the content itself.
77
Packet Filtering
Passing or blocking bundles of electronic info based on rules.
78
Spoofing
Concealing the true source of info by impersonation or other means. Often used to bypass internet security filters by pretending the source is from a trusted location.
79
Intrusion Detection Systems (IDS)
Computer programs that monitor and inspect electronic communications that pass through them, with the purpose to detect, log (record) and raise alerts on any suspected malicious or otherwise unwanted streams of information.
80
Intrusion Detection and Prevention System
Computer programs that monitor and inspect electronic communications that pass through them, with the purpose to (i) block and log (record) key information about any known malicious or otherwise unwanted streams of information, and (ii) to log and raise alerts about any other traffic that is suspected (but not confirmed) to be of a similar nature. These are usually placed on the communication path to allow the IDPS to prevent unwanted info from entering or leaving a network by dropping or blocking packets. IDPS can also clean some electronic data to remove any unwanted or undesirable packet components.
81
Intrusion Prevention System (IPS)
A slight variation on an IDPS: an IPS may not collect any detection info and may only serve to block unwanted traffic based on the direct rules or instructions it receives.
82
Proxy Server
A program used to provide information services between a requested transaction and its destination. Instead of sending the transaction ‘as is’, it can adjust some of the info to help secure the anonymity of the sender. In addition, it may store (cache) any info that is accessed often to help speed up response times.
83
Identity and access controls
Methods of regulating how each person and computer service is confirmed to be who they claim to be (authentication) and how their permissions are monitored.
84
Port Scanning
A process, usually run by a computer, to detect open access points (ports) that could be used to infiltrate or exfiltrate electronic info into or out of an enterprise.
85
Secure Configuration
Ensuring that when settings are applied to any item (device/software), appropriate steps are always taken to ensure (i) default accounts are removed or disabled, (ii) shared accounts are not used, and (iii) all protective and defensive controls in the item use the strongest appropriate settings.
86
Default accounts
Generic user and password permissions, often with administrative access that is provided as standard for some applications and hardware for use during initial set up.
87
Phishing
Using an electronic communication that pretends to come from a legitimate source, in an attempt to get sensitive information from the recipient or to install malware on the recipient’s device. The methods used in phishing have evolved so that the message can simply contain a link to an internet location where malware is situated, or can include an attachment that installs malware when opened. The malware can then be used to run any number of unauthorised functions, including stealing information from the device, replicating additional malware to other accessible locations, sharing the user screen, logging keyboard entries made by the user or locking out access in a ransomware attack. Less complex forms of phishing can encourage the recipient to visit a fake but convincing version of a website and to disclose passwords or other details.
88
Spear Phishing
A more targeted form of phishing. This term describes the use of an electronic communication that targets a particular person or group of people and pretends to come from a legitimate source. In this case, the source may also pretend to be someone known and trusted to the recipient, in an attempt to obtain sensitive information.
89
SSL
Secure Sockets Layer. A method for providing encrypted communication between two points in a digital landscape. For example, this could be between a web server and a web browser. In the URL, the use of SSL is denoted by https:
90
Drive-by download
The unintended receipt of malicious software onto a device through an internet page, electronic service or link. The victim is usually unaware that his or her actions permitted new malicious software to be pulled onto and installed into the digital device or network.
91
Polymorphic Malware
Malicious software that can change its attributes to help avoid detection by anti-malware. This mutation process can be automated so that the function of the software continues, but the method of operation, location and other attributes may change. See also metamorphic malware.
92
Dark web
Websites that hide their server locations. Although publicly accessible, they are not registered on standard search engines, and the hidden server values make it extremely difficult to determine which orgs and people are behind these sites.
93
Multi factor authentication (MFA)
Using more than one form of proof to confirm the identity of a person or device attempting to request access. There are usually three different categories of authentication types: (i) something you know, (ii) something you have, (iii) something you are.
94
Honeypot
An electronic device or collection of data that is designed to trap would be attackers by detecting, deflecting, or otherwise counteracting their efforts. Designed to look like a real part of an enterprise’s attack surface, the honeypot will contain nothing of real value to the attacker, but will contain tools to identify, isolate and trace any intrusion. Honey networks are a collective name for honeypots that operate together to form part of a network intrusion strategy.
95
Closed System
A collection of applications, systems and devices that only have the ability to communicate with each other. No connection to any component outside the known and trusted group is permitted.
96
Worm
A form of malicious software that seeks to find other locations to which it can replicate. This helps to both protect the malware from removal and to increase the area of the attack surface that is compromised.
97
Hacktivism
An amalgamation of hacker and activism. Describes the act of seeking unauthorised access into any digital device or digital landscape to promote a social or political agenda. Usually the unauthorised access is used to cause destruction, disruption and/or publicity.
98
Threatscape
An amalgamation of threat and landscape. An umbrella term to describe the overall, expected methods (vectors) and types of cyber attackers through or by which an org or individual might expect to be attacked.
99
The internet of things
The incorporation of electronics into everyday items sufficient to allow them to network with other network capable devices.
100
Stacked Risk
The phenomenon of allowing seemingly separate potential issues with potential impact (risks) affecting the same digital landscape to accumulate. Without adequate identification and resolution, individual risks can form a toxic accumulation of issues that can be leveraged together to create risk substantially greater than the individual components suggest. Megabreaches are usually the result of stacked risks in combination with a motivated attacker.
101
Cyber Security Risk
Anything that has the potential to cause detrimental impact to the electronic devices we use, or the information they store or transact, can be considered a CS risk.
102
Risk Register
A central repository that contains entries for each potential, significant loss or damage exposure. Usually, there is a minimum materiality threshold; for example a minimum potential financial loss value that must be met or exceeded before an entry in the repository is required. If a risk does occur, it technically becomes an issue. Items can continue to be tracked within a risk register until the impact has been successfully managed and the root causes have been resolved to the extent that the risk is not likely to occur again.
103
Risk based
An approach that considers the financial impact of a failure, along with its probability and proximity, to determine its comparative significance and priority for treatment.