MOD 25

Question 1

What is a loss associated with an event?

Answer 1

Risk

Question 2

The risk probablility of ____ is a problem

Answer 2

1

Question 3

What is the degree to which we can change the outcome?

Answer 3

risk control

Question 4

Risk Exposure is Risk ______ * Risk _______.

Answer 4

Risk Impact * Risk Probablility

Question 5

Which risk strategy focuses on changing security or system requirements?

Answer 5

Avoid the Risk

Question 6

Which risk strategy focuses on insurance?

Answer 6

Transfer the risk

Question 7

Which risk strategy focuses on reducing the risk?

Answer 7

Mitigate the risk

Question 8

Which risk strategy focuses on accepting the risk?

Answer 8

Accept the risk

Question 9

Risk Leverage is ______ / ________

Answer 9

Risk Exposure / Cost of Risk Reduction

Question 10

For risk leverage, is higher leverage value better?

Answer 10

Yes!

Question 11

What is the first step for Risk Analysis?

Answer 11

Identify assets

Question 12

What is the last step for Risk Analysis?

Answer 12

Project annual savings of control

Question 13

What is a cube that has desired goals, information states and safeguards?

Answer 13

McCumber Cube

Question 14

What are the 3 Likelihood Estimates?

Answer 14

Classical, Frequency, Subjective

Question 15

Which Likelihood Estimate is not possible for security because we can’t assign a probability to an event?

Answer 15

Classical

Question 16

Which Likelihood Estimate has us look past behavior to make probability estimates of future events?

Answer 16

Frequency

Question 17

Which Likelihood Estimate is based on expert opinion?

Answer 17

Subjective

Question 18

What are the 2 costs for computing expected loss?

Answer 18

Tangible and Intangible costs

Question 19

Which costs consist of replacing physical items?

Answer 19

Tangible costs

Question 20

Which cost consist of loss of customer good will and employee trust?

Answer 20

Intangible costs

Question 21

Is tangible costs measurable?

Answer 21

Yes!

Question 22

Is intangible costs measurable?

Answer 22

No / not easily

Question 23

What is the cost that includes projected savings by minimizing vulnerabilities?

Answer 23

Project Annual Savings

Question 24

Project Annual Savings requires a ________

Answer 24

cost benefit analysis (CBA)

Question 25

For the first step of cost benefit analysis (CBA), you need to get the ___________ of the vulnerability

Answer 25

Annual Loss Expectancy (ALE)

Question 26

Cost Benefit Analysis is the product of Single Loss Expectancy * __________

Answer 26

Annual Rate of Occurence (ARO)

Question 27

What is a part of cost benefit analysis and tells how much a single event will cost?

Answer 27

SLE

Question 28

What is part of cost benefit analysis and shows how many times an event can happen per year?

Answer 28

ARO

Question 29

Which contingency plan is networked or off site?

Answer 29

Backup

Question 30

Which contingency plan has a facility with power and cooling and ready to install a new computing center?

Answer 30

Cold site (shell)

Question 31

Which contingency plan has a computer facility ready to go?

Answer 31

Hot site

Question 32

Which balanced scorecard view focuses on the customer’s needs and satisfaction?

Answer 32

Customer view

Question 33

Which balanced scorecard view focuses on core competencies?

Answer 33

Operational view

Question 34

Which balanced scorecard view focuses on ROI and share price?

Answer 34

Financial view

Question 35

Which balanced scorecard view focuses on market leadership?

Answer 35

Improvement view