Misc. CISSP Tables/Equations (Secondary) Flashcards
Total Risk (TR)
TR=(AV)(threats)(vulnerabilities)
TR=AV*R
TR=CG+RR
AV -Asset Value
R -Risk
CG -Controls Gap
RR -Residual Risk
Risk (R)
R=Threat*vulnerability
Single Loss Expectancy (SLE)
Describes how much it would cost you if it happened just ONE time
SLE=AV*EF
AV -Asset Value
EF -Exposure Factor
Annualized Loss Expectancy (ALE)
How much will you lost per year
ALE=AVEFARO
AV -Asset Value
EF -Exposure factor
ARO -Annualized rate of Occurance
Annualized Rate of Occurrence (ARO)
Expected frequency with which a specific threat or risk will occur
Seven steps of NIST Risk Management Framework
1) Prepare
2) Categorize
3) Select
4) Implement
5) Assess
6) Authorize
7) Monitor
*People Can See I am Always Monitoring
OSI Model
1) Application
2) Presentation
3) Session
4) Transport
5) Network
6) Data Link
7) Physical
Forwards: All People Seem To Need Data Processing
Backwards: Please Do Not Toss Security Processes Asside
Steps of the data lifecycle
1) Create
2) Classify
3) Store
4) Use
5) Share
6) Archive
7) Destroy
Consultants Can Send Use Some Attack Data
Five Steps of “Common Criteria” Validation
1) Describe Assets
2) Identify Threats
3) Analysis & Rating of Threats
4) Determination of Security Objectives
5) Selection of Functional Security Requirements
Don’t Insult Any Data Scientists
The incident Response Process
1) Detection
2) Response
3) Mitigation
4) Reporting
5) Recovery
6) Remediation
7) Lessons Learned
DRMRRRL (Drum Roll)
Process for Quantitative Risk Analysis
1) Inventory the Assets (use asset value)
2) Identify the Threats (use exposure factor)
3) Analyze the Threats (use single loss expectancy)
4) Estimate the potential loss (use annualized loss expectancy)
5) Research Countermeasures for each threat
6) Cost-Benefit Analysis
I Imagined An Enormous Rosiere Chicken
Exposure factor (EF)
The percentage (%) of value an asset lost due to an incident, represented in a decimal
Safegaurd Evaluation
The process of determining whether a safeguard is cost effective
Controls Gap (CG)
The amount of risk reduced by implementing safeguards
CG=TR-RR
This is subtracted from the total risk to calculate the residual risk…
And vice versa (This can be added to the residual risk to calculate the total risk)
Residual Risk (RR)
The risk that remains even with all conceivable safeguards in place. Often the deducible on an insurance policy)
RR=TR-CG
Value a safeguard
(ALE-ALE_SG)-ACS
ALE -Annualized Loss Expectancy (with no safegaurds/controls)
ALE_SG -Annualized Loss Expectancy with the safegaurd in place
ACS -Annual Cost of Safeguard
Class A Fires
Caused by combustibles
Recommended suppression material: Water, soda acid (dry powder)
Class B Fires
Caused by Liquids
Recommended suppression material: CO2, halon, soda acid
Class C Fires
“Electrical Fires”
Recommended suppression material: CO2, halon
Class D Fires
Burning Metals
Recommended suppression material: Dry Powder
Class K fires
“Kitchen Fires”
Recommended suppression material: Wet Chemicals (not water)
CO2 as fire suppression material
Does not require clean up after use
Puts out fires by removing oxygen, not heat
Recommended for Class B fires “Burning Liquids” and for Class C fires “Electrical fires”
Halon as fire suppression material
any of a number of unreactive gaseous compounds of carbon with bromine and other halogens, used in fire extinguishers
Recommended for Class B fires “Burning Liquids” and for Class C fires “Electrical fires”
Dangers of using water as a fire suppressant
In Kitchen fires (Class K) it can allow grease to splash, allowing the fire to spread
In metal fires (Class D) it can separate into hydrogen and hydroxide. The hydrogen gas is combustible
In liquid fires (Class B) it can allow the burning liquid to splash, allowing the fire to spread
