Security & Risk Management Flashcards Preview


Flashcards in Security & Risk Management Deck (42):
1

Accountable for ensuring the protection of all of the business information assets from intentional & unintentional loss, disclosure, alteration, destruction, & unavailability

Information Security Officer

2

Authorizes the President to designate those items that shall be considered defense articles & defense services & to control their import & export

Arms Export Control Act of 1976

3

Ensures the business focuses on core activities, clarifies who in the organization has the authority to make decisions, determines accountability for actions & responsibility for outcomes, & addresses how expected performance will be evaluated

Governance

4

Is similar to due care with the exception that it is a preemptive measure made to avoid harm to other persons or their property

Due Diligence

5

The care a "reasonable person" would exercise under given circumstances

Due Care

6

Controls designed to discourage people from violating security directives.

Deterrent Controls

7

Controls designed to signal a warning when a security control has been breached.

Detective Controls

8

Electronic hardware & software solutions implemented to control access to information & information networks

Logical Controls

9

The practice of coming up with alternatives so that the risk in question is not realized.

Risk Avoidance

10

The practice of accepting a given risk, typically based on a business decision that weighs the cost of dealing with the risk in another way against the benefit

Risk Acceptance

11

1. Combination of the probability of an event & its consequences.
2. An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result. (RFC 2828)

Risk

12

The point in time to which data must be restored in order to successfully resume processing

Recovery Point Objective (RPO)

13

The maximum time within which an application & its information must be available again after downtime has occurred

Recovery Time Objective (RTO)
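Cards 12 & 13 define RPO & RTO as targets; the check a practitioner actually runs is whether a real incident, & the backup schedule behind it, met those targets. The following is an added example (not part of the flashcard deck) that measures the data-loss window against the RPO & the downtime against the RTO, & separately tests whether the backup interval can guarantee the RPO at all. All timestamps & objectives are constructed sample values.

```python
from datetime import datetime, timedelta
from typing import Iterable, Optional


def last_good_backup(backups: Iterable[datetime], incident: datetime) -> Optional[datetime]:
    """Most recent backup that completed at or before the incident, or None."""
    prior = [b for b in backups if b <= incident]
    return max(prior) if prior else None


def worst_backup_gap(backups: Iterable[datetime]) -> timedelta:
    """Longest interval between consecutive backups. If this exceeds the RPO,
    the schedule cannot guarantee the RPO regardless of how one incident turned out."""
    ordered = sorted(backups)
    if len(ordered) < 2:
        raise ValueError("need at least two backups to measure an interval")
    return max(b - a for a, b in zip(ordered, ordered[1:]))


def check_recovery_objectives(backups, incident, restored_at, rpo, rto) -> dict:
    """Compare one incident against the RPO (how much data was lost) and the
    RTO (how long the service was down). Returns the measured values and verdicts."""
    latest = last_good_backup(backups, incident)
    data_loss = None if latest is None else incident - latest
    downtime = restored_at - incident
    return {
        "last_backup": latest,
        "data_loss": data_loss,
        "rpo_met": data_loss is not None and data_loss <= rpo,
        "downtime": downtime,
        "rto_met": downtime <= rto,
        "schedule_guarantees_rpo": worst_backup_gap(backups) <= rpo,
    }


# Constructed sample: backups every 6 hours, incident shortly after 03:00.
BACKUPS = [datetime.fromisoformat(t) for t in (
    "2024-03-10T00:00", "2024-03-10T06:00", "2024-03-10T12:00",
    "2024-03-10T18:00", "2024-03-11T00:00",
)]
INCIDENT = datetime.fromisoformat("2024-03-11T03:30")
RESTORED = datetime.fromisoformat("2024-03-11T07:00")
RPO = timedelta(hours=4)
RTO = timedelta(hours=4)

if __name__ == "__main__":
    result = check_recovery_objectives(BACKUPS, INCIDENT, RESTORED, RPO, RTO)
    for key, value in result.items():
        print(f"{key:24} {value}")
```

In the sample, this particular incident lost 3.5 hours of data & took 3.5 hours to restore, so both objectives were met, yet the 6-hour backup interval means a worse-timed incident would have breached the 4-hour RPO; the schedule, not one lucky outcome, is what has to satisfy the objective.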

14

Controls implemented to prevent a security incident or information breach

Preventative Controls

15

Controls to protect the organization's people & physical environment, such as locks, fire management, gates, & guards; physical controls may be called "operational controls" in some contexts

Physical Controls

16

Protects novel, useful, & non-obvious inventions

Patent

17

Granting users only the accesses that are required to perform their job functions

Least Privilege

18

Comes in 2 forms: making sure information is processed correctly & not modified by unauthorized persons, & protecting information as it transits

Integrity

19

Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, databases, & computer programs

Copyright

20

An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year

Annualized Rate of Occurrence (ARO)

21

Procedures implemented to define the roles, responsibilities, policies, & administrative functions needed to manage the control environment

Administrative Controls

22

Defined as the difference between the original value & the remaining value of an asset after a single exploit

Single Loss Expectancy (SLE)
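Cards 10, 20 & 22 each hold one piece of a quantitative risk decision: SLE is the loss from one exploit, ARO is how often it is expected per year, & risk acceptance rests on comparing the cost of a treatment with its benefit. The following is an added example, not from the flashcard deck, that carries those pieces through to a treatment choice. It assumes the standard quantitative formulas SLE = AV x EF & ALE = SLE x ARO, which the cards do not state, & uses constructed asset, safeguard & premium values.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterable, Optional


@dataclass(frozen=True)
class Risk:
    """One threat/vulnerability pair in quantitative terms (constructed example)."""
    name: str
    asset_value: float      # AV: value of the asset in currency units
    exposure_factor: float  # EF: fraction of AV lost in a single exploit, 0..1
    aro: float              # ARO: expected successful exploits per year

    def sle(self) -> float:
        # Assumed standard formula: original value minus remaining value = AV * EF
        if not 0.0 <= self.exposure_factor <= 1.0:
            raise ValueError("exposure factor must be between 0 and 1")
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        # Assumed standard formula: annualized loss expectancy = SLE * ARO
        return self.sle() * self.aro


@dataclass(frozen=True)
class Safeguard:
    """A mitigation with its annual cost and the EF/ARO it leaves behind."""
    name: str
    annual_cost: float
    new_exposure_factor: float
    new_aro: float


def safeguard_value(risk: Risk, sg: Safeguard) -> float:
    """Net annual value of a control: ALE before minus ALE after minus control cost."""
    after = replace(risk, exposure_factor=sg.new_exposure_factor, aro=sg.new_aro)
    return risk.ale() - after.ale() - sg.annual_cost


def treatment_options(risk: Risk, safeguards: Iterable[Safeguard],
                      insurance_premium: Optional[float] = None) -> Dict[str, float]:
    """Net annual value of each treatment relative to doing nothing.
    Accepting the risk is the baseline (value 0: no spend, ALE still borne)."""
    options = {"accept": 0.0}
    for sg in safeguards:
        options[f"mitigate:{sg.name}"] = safeguard_value(risk, sg)
    if insurance_premium is not None:
        # Transfer: assumes the policy covers the full loss, so benefit = ALE - premium
        options["transfer:insurance"] = risk.ale() - insurance_premium
    return options


def recommend(risk: Risk, safeguards: Iterable[Safeguard],
              insurance_premium: Optional[float] = None) -> str:
    """Treatment with the highest net value; 'accept' wins when nothing beats zero."""
    options = treatment_options(risk, safeguards, insurance_premium)
    return max(options, key=options.get)


# Constructed sample values, not figures from any real assessment.
RISK = Risk("customer database breach", asset_value=1_000_000,
            exposure_factor=0.25, aro=0.2)
SAFEGUARDS = [
    Safeguard("encryption + DLP", annual_cost=20_000,
              new_exposure_factor=0.25, new_aro=0.02),
    Safeguard("full rebuild on isolated segment", annual_cost=60_000,
              new_exposure_factor=0.25, new_aro=0.0),
]
PREMIUM = 30_000

if __name__ == "__main__":
    print(f"SLE = {RISK.sle():,.0f}  ALE = {RISK.ale():,.0f}")
    for name, value in treatment_options(RISK, SAFEGUARDS, PREMIUM).items():
        print(f"{name:40} {value:>12,.0f}")
    print("recommended:", recommend(RISK, SAFEGUARDS, PREMIUM))
```

Note that a control can reduce the ALE and still be the wrong choice: the second safeguard in the sample eliminates the risk but costs more per year than the loss it prevents, so its net value is negative & acceptance would beat it if it were the only option.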

23

The principle that ensures that information is available & accessible to users when needed

Availability

24

An incident that results in the disclosure or potential exposure of data

Breach

25

The practice of the elimination of or the significant decrease in the level of risk presented

Risk Mitigation

26

Established to contribute to regional & international security & stability by promoting transparency & greater responsibility in transfers of conventional arms & dual-use goods & technologies, thus preventing destabilizing accumulations

Wassenaar Arrangement

27

Determines the potential impact of disruptive events on the organization's business processes

Vulnerability Assessment

28

Controls implemented to remedy circumstance, mitigate damage, or restore controls

Corrective Controls

29

Actions that ensure behavior that complies with established rules

Compliance

30

Supports the principle of least privilege by ensuring that only authorized individuals, processes, or systems have access to information, on a need-to-know basis

Confidentiality

31

A breach for which it was confirmed that data was actually disclosed to an unauthorized party

Data Disclosure

32

A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, & provide reasonable assurance regarding the achievement of entity objectives

Enterprise Risk Management

33

Controls implemented to restore conditions to normal after a security incident

Recovery Controls

34

The practice of passing on the risk in question to another entity, such as an insurance company

Risk Transfer

35

Any single input to a process that, if missing, would cause the process or several processes to be unable to function

Single Point of Failure

36

Authorized the President to regulate exports of civilian goods & technologies that have military applications

Export Administration Act of 1979

37

Proprietary business or technical information, processes, designs, practices that are confidential & critical to the business

Trade Secret

38

Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods & distinguish them from those made or sold by others

Trademark

39

Controls that substitute for the loss of primary controls & mitigate risk down to an acceptable level

Compensating Controls

40

A systematic process for identifying, analyzing, evaluating, remedying, & monitoring risk

Risk Management

41

Controls designed to specify acceptable rules of behavior within an organization

Directive Controls

42

A security event that compromises the confidentiality, integrity, or availability of an information asset

Incident