Term
Identify the purposes of the network to the organization

Definition


Term
Analyzing the cost versus the benefit of mitigating, transferring and accepting the various security risks

Definition


Term
Documenting procedures to be used for hardening, incident response, and auditing of the system

Definition


Term
Identifying the security practices that similar organizations currently employ

Definition
Industry-recommended practices


Term
Identifying which threats are most likely to occur

Definition


Term
When a failure in the system bypasses security functions, this is called _____

Definition


Term
Quantitative risk analysis uses a math model, qualitative risk analysis uses a scenario-based model

Definition


Term
The % loss of an asset that a realized threat could have

Definition
SLE - Single Loss Expectancy


Term
How often a threat is expected to occur

Definition
Annualized Rate of Occurrence


Term
The cost of a single asset

Definition


Term
The financial amount expected to be lost in a single occurrence of a threat

Definition
SLE - Single Loss Expectancy


Term
The expected financial loss that a particular threat will cost an organization

Definition


Term

Definition
ALE - Annualized Loss Expectancy


Term

Definition
Cisco Security Agent; Cisco NAC Appliance


Term

Definition
Cisco IPS Sensor Software


Term
Rotation of duties; two-person teams; separation of duties; change control; multiple staff members involved in backups

Definition
Protection against rogue network admins


Term
Planning for a failure or a natural disaster at a primary location is called ___

Definition


Term
Security categorization, preliminary risk assessment

Definition


Term
Inspection and acceptance, system integration, certification, accreditation

Definition


Term
Information preservation, media sanitization, equipment disposal

Definition


Term
Risk assessment, functional assurance requirements, planning, developmental testing and evaluation

Definition
Acquisition and Development


Term
Configuration management, continuous monitoring

Definition
Operations and Maintenance


Term
What is the difference between policies and procedures?

Definition
Policies detail what is to be protected. Procedures detail how assets are to be protected.


Term
Informing users of their security responsibilities and best practices is called a(n)

Definition
Security awareness program


Term
Explains why the act was committed. Explains when and where the criminal act was committed. Explains how the crime was committed.

Definition


Term
ALE (Annualized Loss Expectancy)

Definition
ALE = AV * EF * ARO (Asset Value * Exposure Factor * Annualized Rate of Occurrence)