Domain 1 set 2 Flashcards
(32 cards)
ROI
Return on Investment
The Amount of money saved by implementation of a safeguard.
Return on Investment
The value of the Safeguard or Control
Return on Investment
ALE
Annual loss expectancy
The 2 Risk Analysis
- Qualitative
2. Quantitative
Risk Analysis that helps prioritize probability and impact of a risk event
Qualitative
Business decisions are made on what Risk Analysis
Quantitative
It depends on what Risk Analysis?
Qualitative
Reactive mechanism
Counter Measures
The amount of risk without implementing a mitigation
Total Risk
Threats X Vulnerability X Asset value = ?
Total Risk
What are two risk transfer items?
- insurance
2. SLA’s
BRP
Business Recovery Plan
Long term focus on sustaining Operation of the business following a Disaster
Business Recovery Plan
Responding to a Risk is called?
Risk Mitigation
The 7 phases of BCP
- Project Initiation
- Business Impact Analysis
- Recovery Strategy
- Plan Design and Development
- Implementation
- Testing
- Maintenance
ISO 27001
Establishment Implementation of controls and improvements of ISMS.
Follow the PDCA
ISO 27002
Provides practical Advice for HOW TO implement Security controls, use 10 domain to Address ISMS
ISO 27004
Metrics
ISO 27005
Approach To Risk Management
ITIL
Information Technology Infrastructure Library
IT Service Managment
An analysts to identify assets and their criticality, identify Vulnerabilities and threats and base the protection strategy to reduce Risk
OCTAVE
FERPA Handles what?
Student Educational records
ECPA
Electronic communication Privacy Act
Restricts Governments of interception of communications
