Domain 5: Governance, Risk, and Compliance (14%) Flashcards

(30 cards)

1
Q

5.3 Personnel

Least Privilege

A

Users are only given the lowest level of access needed to perform their
job functions

- Does everyone in the company need to know employee salary data?

2
Q

5.3 Personnel

Separation of duties

A

Requires more than one person to conduct a sensitive task or operation

- Separation of duties can be implemented by a single user with a user and admin account

3
Q

5.3 Personnel

Job rotation

A

Occurs when users are cycled through various jobs to learn the overall operations better, reduce their boredom, enhance their skill level, and, most importantly, increase our security

- Job rotation helps the employee become more well-rounded and learn new skills
- Job rotation also helps the organization identify theft, fraud, and abuse of position

4
Q

5.4 Risk management Strategies

Risk Avoidance

A

A strategy that requires stopping the activity that has risk or
choosing a less risky alternative

5
Q

5.4 Risk management Strategies

Risk Transfer

A

A strategy that passes the risk to a third party

6
Q

5.4 Risk management Strategies

Risk Mitigation

A

A strategy that seeks to minimize the risk to an acceptable level

7
Q

5.4 Risk management Strategies

Risk Acceptance

A

A strategy that seeks to accept the current level of risk and the
costs associated with it if the risk were realized

8
Q

5.4 Risk Analysis

Residual Risk

A

The risk remaining after trying to avoid, transfer, or mitigate the
risk

9
Q

5.4 Risk Analysis

Qualitative risk assessment type

A

Qualitative analysis uses intuition, experience, and other methods to assign a relative value to risk

- Experience is critical in qualitative analysis

10
Q

5.4 Risk Analysis

Quantitative Risk assessment type

A

Quantitative analysis uses numerical and monetary values to calculate risk

- Quantitative analysis can calculate a direct cost for each risk
- Magnitude of Impact

ALE (Annual Loss Expectancy) = SLE (Single Loss Expectancy = AV (Asset Value) x EF (Exposure Factor)) x ARO (Annual Rate of Occurrence)

11
Q

Users are only given the lowest level of access needed to perform their
job functions

- Does everyone in the company need to know employee salary data?

A

5.3 Personnel

Least Privilege

12
Q

Requires more than one person to conduct a sensitive task or operation

- Separation of duties can be implemented by a single user with a user and admin account

A

5.3 Personnel

Separation of duties

13
Q

Occurs when users are cycled through various jobs to learn the overall operations better, reduce their boredom, enhance their skill level, and, most importantly, increase our security

- Job rotation helps the employee become more well-rounded and learn new skills
- Job rotation also helps the organization identify theft, fraud, and abuse of position

A

5.3 Personnel

Job rotation

14
Q

A strategy that requires stopping the activity that has risk or
choosing a less risky alternative

A

5.4 Risk management Strategies

Risk Avoidance

15
Q

A strategy that passes the risk to a third party

A

5.4 Risk management Strategies

Risk Transfer

16
Q

A strategy that seeks to minimize the risk to an acceptable level

A

5.4 Risk management Strategies

Risk Mitigation

17
Q

A strategy that seeks to accept the current level of risk and the
costs associated with it if the risk were realized

A

5.4 Risk management Strategies

Risk Acceptance

18
Q

The risk remaining after trying to avoid, transfer, or mitigate the
risk

A

5.4 Risk Analysis

Residual Risk

19
Q

Qualitative analysis uses intuition, experience, and other methods to assign a relative value to risk

- Experience is critical in qualitative analysis

A

5.4 Risk Analysis

Qualitative risk assessment type

20
Q

Quantitative analysis uses numerical and monetary values to calculate risk

- Quantitative analysis can calculate a direct cost for each risk
- Magnitude of Impact

ALE (Annual Loss Expectancy) = SLE (Single Loss Expectancy = AV (Asset Value) x EF (Exposure Factor)) x ARO (Annual Rate of Occurrence)

A

5.4 Risk Analysis

Quantitative Risk assessment type

21
Q

The individual elements, objects, or parts of a system that would cause
the whole system to fail if they were to fail

A

5.4 Business impact analysis

Single point of failure

22
Q

Personal data cannot be collected, processed, or retained without the individual's informed consent

- Also provides the right for a user to withdraw consent and to inspect, amend, or erase data held about them
- Requires data breach notification within 72 hours

A

5.2 Regulations, Standards, and legislation

General Data Protection Regulation (GDPR)

23
Q

Defines the rules that restrict how a computer, network, or other systems
may be used

A

5.3 Personnel

Acceptable use policy

24
Q

Defines the structured way of changing the state of a computer system,
network, or IT procedure

A

5.3 Organizational Policies

Change management

25
Q

Different users are trained to perform the tasks of the same position to help prevent and identify fraud that could occur if only one employee had the job

A

5.3 Personnel

Job Rotation

26
Q

Dictates what type of things need to be done when an employee is hired, fired, or quits

- Terminated employees are often not cooperative

A

5.3 Personnel

Onboarding and offboarding

27
Q

Agreement between two parties that defines what data is considered confidential and cannot be shared outside of the relationship

- NDAs are a binding contract

A

5.3 Third-party risk management

Non-Disclosure Agreement (NDA)

28
Q

A non-binding agreement between two or more organizations that details an intended common line of action

- Can be between multiple organizations

A

5.3 Third-party risk management

Memorandum of Understanding (MOU)

29
Q

An agreement concerned with the ability to support and respond to problems within a given timeframe and to continue providing the agreed-upon level of service to the user

- May promise 99.999% uptime

A

5.3 Third-party risk management

Service-Level Agreement (SLA)

30
Q

Conducted between two business partners; establishes the conditions of their relationship

- Can also include security requirements

A

5.3 Third-party risk management

Business Partnership Agreement (BPA)