IS3350 CHAPTER 14 Flashcards Preview

CSC 6530 SECOND-TERM > IS3350 CHAPTER 14 > Flashcards

Flashcards in IS3350 CHAPTER 14 Deck (42)
Loading flashcards...
1

The number of times a threat might affect an organization during a one-year time frame is called ___?

ANNUAL RATE OF OCCURRENCE (ARO)

2

The amount of loss that an organization can expect to have each year due to a particular risk is called ___?
ALE is often expressed as the equation:
ALE = SLE x ARO.
SLE is single loss expectancy
ARO is annual rate or occurrence

ANNUALIZED LOSS EXPECTANCY (ALE)

3

These ___ address the recovery of an organization's business processes and functions in the event of a disaster.
These tend to be comprehensive plans for returning an organization to normal operating conditions.

BUSINESS CONTINUITY (BC) PLANS

4

A process that identifies key business operations and the resources used to support those processes is called ___?
This also identifies maximum tolerable down-time for critical business functions.

BUSINESS IMPACT ANALYSIS (BIA)

5

A basic type of disaster recovery and business continuity test that checks to make sure that supplies and inventory items needed to an organization's business recovery are on hand is called ___?

CHECKLIST TEST

6

A backup site for disaster recovery and business continuity planning purposes that is little more than reserved space is called ___?
It doesn't have any hardware or equipment ready for business operations.
It will have electrical service, but most likely won't have network connectivity.
It can take weeks to months for an organization to ready this site for business operations.

COLD SITE

7

Any situation where a person's private interests and professional obligations collide is called ___?
Independent observers might question whether a person's private interests improperly influence his or her professional decisions.

CONFLICT OF INTEREST

8

A sudden, unplanned event that negatively affects the organizations' critical business functions for an unknown period is called ___?

DISASTER

9

Plans that address the recovery of an organization's information technology systems in the event of a disaster is called ___?

DISASTER RECOVERY (DR) PLANS

10

The percentage of asset loss that is likely to be caused by an identified threat or vulnerability is called ___?

EXPOSURE FACTOR

11

A disaster recovery and business continuity test where an organization stopes all of its normal business operations and transfers those operations to its backup site is called ___?
This is the most comprehensive form of disaster recovery and business continuity plan testing; also the most expensive.

FULL INTERRUPTION TEST

12

An operation backup site for disaster recovery and business continuity planning purposes is called ___?
It has equipment and infrastructure that is fully compatible with an organization's main facility.
It is not staffed with people.
It can become operational within minutes to hours after a disaster.

HOT SITE

13

An event that adversely affects the confidentiality, integrity, and/or availability of an organization's data and information technology systems is called ____?

INCIDENT

14

A contingency plan that helps an organization respond to attacks against an organizations' information technology infrastructure is called ___?

INCIDENT RESPONSE (IR)

15

The amount of time that critical business processes and resurrect can be offline before an organization begins to experience irreparable business harm is called ___?

MAXIMUM TOLERABLE DOWNTIME (MTD)

16

A fully operational backup site for disaster recovery and business continuity planning purposes is called ___?
This site actively runs an organization's information technology functions in parallel with the organization's mail processing facility.
It is fully staffed.
It has all necessary data and equipment to continue business operations.

MIRRORED SITE

17

A disaster recovery and business continuity test where an organization tests its ability to recover its information technology systems and its business data is called ___?
In this test, the organization brings its backup recovery sites online.
It will then use historical business data to test the operations of those systems.

PARALLEL TEST

18

A marketing field that manages an organization's public image is called ___?

PUBLIC RELATIONS (PR)

19

A risk analysis method that uses scenarios and ratings systems to calculate risk and potential harm is called ___?
This does not attempt to assign money value to assets and risks.

QUALITATIVE RISK ANALYSIS

20

A risk analysis method that uses real money costs and values to determine the potential monetary impact of threats and vulnerabilities is called ___?

QUANTITATIVE RISK ANALYSIS

21

The loss that an organization has when a potential threat actually occurs is called ___?

REALIZED RISK

22

A process for identifying threats and vulnerabilities that an organization faces is called ___?
This can be qualitative or quantitative or both.

RISK ASSESSMENT (RA)

23

The process that an organization uses to identify risks, asses them, and reduce them to an acceptable level is called ___?

RISK MANAGEMENT (RM)

24

A disaster recovery and business continuity test where an organization role plays a specific disaster scenario is called ___?
This type of test doesn't interrupt normal business operations and activities.

SIMULATION TEST

25

The amount of money that an organization stands to lose every time a specified risk is realized is called ___?

SINGLE LOSS EXPECTANCY (SLE)

26

A basic type of disaster recovery and business continuity test that reviews a disaster recovery/business continuity plan to make sure that all of the assumptions and tasks stated in the plan are correct is called ___?

WALK-THROUGH TEST

27

A partially equipped backup site for disaster recovery and business continuity planning purposes is called ___?
This is space that contains some, but not all, of the equipment and infrastructure that an organization needs to continue operations in the event of a disaster.
It is partially prepared for operations and has electricity and network connectivity.

WARM SITE

28

1. A parallel test uses current processing data to test IT system operation.
TRUE OR FALSE

FALSE

29

2. Which item is NOT part of the risk management process?

1. Risk analysis
2. Risk response
3. Continuous monitoring
4. Training employees
5. All the above are parts of the risk management process

All are parts of the risk management process

Risk analysis
Risk response
Continuous monitoring
Training employees

30

3. What does a risk assessment do?

A risk assessment identifies the threats and vulnerabilities to IT resources.