Chapter 9 - Risk Management: Controlling Risk

20 terms by gameboy_horror

Chapter 9

Disadvantage

When an organization's general management team determines that risks from information security threats are creating a competitive ___________, it empowers the information technology and information security communities of interest to control those risks.

Mitigation

The risk control strategy that seeks to reduce the impact of a successful attack through the use of IR, DR and BC plans is

Avoidance

is the risk control strategy that seeks to prevent exploitation of a perceived vulnerability through the application of effective safeguards.

Transference

is a control approach that attempts to shift the risk to other agencies who will manage or insure the assets.

Value

The threat level and an asset's _______ should be a major factor in the risk control strategy selection.

Residual Risk

is a combined function of (1) a threat less the effect of threat-reducing safeguards; (2) a vulnerability less the effect of vulnerability-reducing safeguards; and (3) an asset less the effect of asset value-reducing safeguards.

Monitored

The effectiveness of controls should be ______ and measured regularly once a control strategy has been selected.

Tolerance

Risk appetite is also known as risk

Benefit

In an economic feasibility study, the _________ is the value to the organization of using controls that prevent losses related to a particular vulnerability.

Asset

valuation is the process of assigning financial value to an information asset

Exposure

The Single Loss Expectancy (SLE) is the result of the asset's value (AV) multiplied by the _______ factor.

Post Control

A cost benefit analysis (CBA) result is obtained from the difference between the pre-control and the __________ annualized loss expectancy (ALE).

Appetite tolerance

Risk __________ defines the quantity and nature of risk that an organization is willing to accept.

Residual

The element of remaining risk after vulnerabilities have been controlled is referred to as ___________ risk.

Delphi

The ______ technique is a process in which a group ranks a set of information.

Octave

The _______ Method is an InfoSec risk evaluation methodology that allows organizations to balance the protection of critical information assets against the costs of providing protective and detection controls.

Fair

is a risk management framework developed to help organizations understand, analyze, and measure information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.

Hybrid

The _______ assessment tries to improve upon the ambiguity of qualitative measures without resorting to the unsubstantiated estimation used for quantitative measures.

Prudent

Due care and due diligence occur when an organization adopts a certain minimum level of security as what any __________ organization would do in similar circumstances.

Involvement

One of the most common methods of obtaining user acceptance and support is via user
