Test Flash Cards 1
(35 cards)
What is Enterprise Security Risk Management (ESRM)?
ESRM is a strategic approach to security management that ties an organization’s security practice to its overall strategy using globally accepted and established risk management principles.
What is an asset owner?
The person directly responsible for successful operation of the asset. In ESRM, the asset owner is assigned responsibility for the risk to an asset.
What are four ways to manage risk?
- Eliminate
- Reduce
- Transfer
- Accept
What are the deciding factors between a qualitative or quantitative approach to a risk assessment?
The reliability and validity of the available data
The nature of the risk factors and if they are quantifiable
The target audience for the outputs
What is risk tolerance?
The amount of uncertainty an organization is prepared to accept in total or, more narrowly, within a certain business unit, a particular risk category, or for a specific initiative.
What four steps are included in the risk assessment process?
Asset identification, valuation, and characterization
Risk identification
Risk analysis
Risk evaluation
What is terrorism?
An act of violence designed to achieve a political end
What is a cost-benefit analysis?
A method for evaluating and comparing the value and cost of risk treatment options
What six things should be considered when assessing consequences?
- Human cost
- Financial cost
- Image
- Human rights impacts
- Indirect impacts
- Environmental impacts
What are five benefits of liaison?
- Leverage the resources of others
- Share best practices and lessons learned
- Collaborate on specific cases or incidents
- More effectively address common issues
- Share information, equipment, and facilities
What is cost-effectiveness?
Producing good results for the money spent
What is security awareness?
Consciousness of an existing security program, its relevance, and the effect of one’s behavior on reducing security risks
What is a goal of a security awareness program?
To promote compliance with security policies and procedures, as well as provide timely communications and training to guide individual and organizational attitudes and behaviors
What typically drives the decision to use a security consultant?
A specific problem, need, challenge, or goal
What is a chief security officer?
A senior executive-level function responsible for providing comprehensive, integrated risk strategies to help protect an organization from a wide spectrum of threats
ABC Corporation has a management style where managers and supervisors guide their employees toward achieving the organization's objectives. The workers enjoy higher workplace morale and are happy to work with management toward success. This style of management is known as:
1. Autocratic
2. Laissez-Faire
3. Democratic
4. Employee driven
- Democratic
The Vision Statement is
A strategic vision describes management’s aspirations for the company’s future and the course and direction charted to achieve them
Portrays a firm's aspirations for its future
The Mission Statement is
A statement of the company's long-term purpose that explains the overall reason the company exists
Describes the scope and purpose of its present business
The Value Statement
Core beliefs, traits, and behavioral norms that the firm’s personnel are expected to display in conducting business and pursuing the strategic vision and mission
A specific description of where the business will be in the long term, one that conveys a general understanding of the business, its culture, and its future goals. This concept is BEST referred to as:
1. A Mission Statement
2. A Vision Statement
3. A Strategic Plan
4. An Organizational Strategy
- A Vision Statement
This communicates business functionality and operational methods. It specifies a business's types of products or services, level of quality, and other tangible aspects of the business and its plans. This is BEST referred to as:
1. A Mission Statement
2. A Vision Statement
3. A Strategic Plan
4. An Organizational Strategy
- A Mission Statement
Which of the following statements BEST describes ISO industry standards?
1. ISO is a governmental organization
2. ISO standards address: training, employee competencies, products, processes, service & quality control
3. ISO regulates, legislates, and enforces compliance to standards
4. ISO standards often become recognized as industry best practices and become market requirements
- ISO standards often become recognized as industry best practices and become market requirements
The Plan-Do-Check-Act (PDCA) cycle has a step where one examines the solutions devised to address the problems. The point is to check whether the solutions are producing outcomes that are consistent with the plan. This step is referred to as which part of the cycle?
1. Plan
2. Do
3. Check
4. Act
- Check
The Plan-Do-Check-Act (PDCA) cycle has a step which looks at the planning analysis, then devises a solution, prioritizes the next steps, and develops a detailed action plan. This step is referred to as which part of the cycle?
1. Plan
2. Do
3. Check
4. Act
- Do