Like this study set? Create a free account to save it.

Sign up for an account

Already have a Quizlet account? .

Create an account

Chapter 4- Principles of Information Security 4th Ed.

Risk control

_____ is the application of controls to reduce the risks to an organization's data and information systems.

competitive disadvantage

The concept of _____ refers to falling behind the competition.

Risk identification

The first phase of risk management is _____.

MAC addresses

_____ are sometimes called electronic serial numbers or hardware addresses.

data classification scheme

Many corporations use a _____ to help secure the confidentiality and integrity of information.


A _____ is an authorization issued by an organization for the repair, modification, or update of a piece of equipment.


The military uses a _____-level classification scheme.


In the U.S. military classification scheme, _____ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.


Management of classified data includes its storage and _____.

dumpster diving

There are individuals who search trash and recycling - a practice known as _____ -to retrieve information that could embarrass a company or compromise information security.

weighted factor analysis

In a _____, each information asset is assigned a score for each of a set of assigned critical factor.


_____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.


The ____ security policy is an executive-level document that outlines the organization's approach and attitude towards information security and relates the strategic value of information security within the organization.


The ____ security policy is a planning document that outlines the process of implementing security in the organization.


_____ policies address the particular use of certain systems.

defend control

The _____ strategy attempts to prevent the exploitation of the vulnerability.

transfer control

The _____ strategy attempts to shift risk to other assets, other processes, or other organizations.


The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the _____ plan.


_____ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.

accept control

The _____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.


The formal decision making process used when considering the economic feasibility of implementing information security controls and safeguards is called a _____.


_____ is simply how often you expect a specific type of attack to occur.

standard of due care

When organizations adopt levels of security for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as a _____.


_____ feasibility analysis examines user acceptance and support, management acceptance and support, and the overall requirements of the organization's stakeholders.

Risk appetite

_____ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.

Please allow access to your computer’s microphone to use Voice Recording.

Having trouble? Click here for help.

We can’t access your microphone!

Click the icon above to update your browser permissions and try again


Reload the page to try again!


Press Cmd-0 to reset your zoom

Press Ctrl-0 to reset your zoom

It looks like your browser might be zoomed in or out. Your browser needs to be zoomed to a normal size to record audio.

Please upgrade Flash or install Chrome
to use Voice Recording.

For more help, see our troubleshooting page.

Your microphone is muted

For help fixing this issue, see this FAQ.

Star this term

You can study starred terms together

Voice Recording