Term
______________ is the identification, measurement, control, and minimization of loss associated with uncertain events or risks.
Definition

Term
Risk Management ensures each risk an organization is exposed to is identified and one of which of what four things?
Definition
Accepted, Mitigated, Transferred or Avoided

Term
The objective of a security program is appropriate _____________.
Definition

Term
Which part of the information security triad can be summed up as "protecting secrets"?
Definition

Term
Which part of the information security triad can be summed up as "protecting accuracy and authenticity"?
Definition

Term
Which part of the information security triad can be summed up as "protecting stability and reliability"?
Definition

Term
What are the three parts of the information security triad?
Definition
Confidentiality, Integrity, and Availability

Term
In order for a security program to be successful, who must be aware of their roles and responsibilities?
Definition

Term
____________ have care or custody of information assets.
Definition

Term
______________________ are responsible for the design, implementation, management, and review of security policies, standards, baselines, procedures, and guidelines.
Definition
Information Security Professionals

Term
_____________ is responsible for developing and implementing the security plan.
Definition

Term
_______________ perform tasks such as information classification, setting user access conditions, and deciding on business continuity priorities.
Definition

Term
______________ outlines expectations and requirements relating to proper use of IT resources.
Definition

Term
________________ means giving users the minimum permissions necessary to do their job.
Definition

Term
__________ states that users shouldn't have access to information they do not need to do their job.
Definition

Term
Security only happens by means of _________ and ____________.
Definition

Term
_______ Planning focuses on the high-level, long-range requirements of the company's long-term plan.
Definition

Term
_________ Planning is a mid-term focus on events that will affect the entire organization.
Definition

Term
___________ Planning focuses on "fighting fires" at the keyboard level.
Definition

Term
What does holistic security mean?
Definition
Making security part of everything and not its own thing

Term
What does ISO 27000 cover?
Definition

Term
What does ISO 27001 cover?
Definition
Information Security Management Systems Requirements

Term
What does ISO 27002 cover?
Definition
Code of practice derived from ISO 17799 and BS 7799

Term
What does ISO 27003 cover?
Definition
ISMS implementation guidance

Term
What does ISO 27004 cover?
Definition
Information Security Measurement

Term
What does ISO 27005 cover?
Definition
A standard for Information Security Risk Management

Term
What does ISO 27006 cover?
Definition
Provides guidance for auditing an ISMS

Term
What does ISO 27799 cover?
Definition
Information Security for health sector organizations

Term
What does functionality refer to?
Definition

Term
What does assurance refer to?
Definition

Term
______________ ensures that policy is enforced by mandating how a task will be completed.
Definition

Term
______________ are the benchmarks used to ensure that a minimum level of security is maintained.
Definition

Term
_____________ are essential because they allow for a basis for common practices across an organization.
Definition

Term
____________ is something that is of value to an organization.
Definition

Term
_____________ is a circumstance or event with the potential to cause harm to an IT system.
Definition

Term
__________ is a potential danger to information or an information system.
Definition

Term
_____________ is an opportunity for a threat to cause loss.
Definition

Term
____________ is a flaw or weakness in system security.
Definition

Term
___________ is the probability that a vulnerability will be executed.
Definition

Term
____________ is an action intending harm to a system.
Definition

Term
______________ are administrative, technical, or physical measures taken to protect systems.
Definition

Term
_________________ are controls applied after the fact.
Definition

Term
_____________ are proactive controls.
Definition

Term
________________ includes the factors of threats, vulnerabilities, and current values of assets.
Definition

Term
_______________ is the amount of risk remaining after countermeasures and safeguards are applied.
Definition

Term
What are the three phases of risk management?
Definition
Risk Assessment, Risk Mitigation, Assurance

Term
The Asset Value multiplied by the Exposure Factor = ____________
Definition

Term
What is the Annual Rate of Occurrence?
Definition
The number of times per year that an incident is likely to occur

Term
Multiplying the Single Loss Expectancy by the Annual Rate of Occurrence = ______________
Definition

Term
_________________ theories and approaches are based on outcomes. They try to provide the greatest good for the greatest number of individuals.
Definition

Term
______________ theories subscribe to the belief that it is the duty of each person to do good.
Definition

Term
_____________ states that access to the internet is a privilege.
Definition

Term
Would Ethernet be considered a standard or a policy?
Definition

Term
Which ISO framework provides information security best practices?
Definition

Term
IT systems are normally operated by _______________.
Definition

Term
What is the benefit of mandatory vacations?
Definition
It makes it easier to detect fraud

Term
When should security awareness begin for an employee?
Definition
On the first day of employment

Term
Guidelines are _____________
Definition

Term
What is the first ISC2 canon?
Definition
Protect society, the commonwealth, and the infrastructure

Term
What do assurance mechanisms provide us with?
Definition
Confidence in the appropriateness of the controls

Term
How should countermeasure cost relate to asset value?
Definition
The cost should be less than the value

Term
What determines the right amount of security for an organization?
Definition
The amount of acceptable risk

Term
Information classification is the responsibility of the ______________
Definition

Term

Definition
Not mitigating risk and absorbing the cost if it occurs