Chapter 9 - Risk Management: Controlling Risk

Disadvantage
When an organization's general management team determines that risks from information security threats are creating a competitive ___________, it empowers the information technology and information security communities of interest to control those risks.
Mitigation
The risk control strategy that seeks to reduce the impact of a successful attack through the use of IR, DR and BC plans is
Avoidance
is the risk control strategy that seeks to prevent exploitation of a perceived vulnerability through the application of effective safeguards.
Transference
is the risk control strategy that attempts to shift the risk to other assets, other processes, or other organizations that will manage or insure the assets.
Value
The threat level and an asset's _______ should be a major factor in the risk control strategy selection.
Residual Risk
is a combined function of (1) a threat less the effect of threat-reducing safeguards; (2) a vulnerability less the effect of vulnerability-reducing safeguards; and (3) an asset less the effect of asset value-reducing safeguards.
Monitored
The effectiveness of controls should be ______ and measured regularly once a control strategy has been selected.
Tolerance
Risk appetite is also known as risk ______.
Benefit
In an economic feasibility study, the _________ is the value to the organization of using controls that prevent losses related to a particular vulnerability.
Asset
valuation is the process of assigning financial value to an information asset
Exposure
The Single Loss Expectancy (SLE) is the result of the asset's value (AV) multiplied by the _______ factor.
Post Control
A cost benefit analysis (CBA) result is obtained from the difference between the pre-control and the __________ annualized loss expectancy (ALE).
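The four cards above (benefit, asset valuation, SLE = AV x EF, and CBA as the pre-control minus post-control ALE) describe one quantitative calculation. The following is an added example, not from the textbook or this card set, that carries it through for one scenario and several candidate controls. It also subtracts the annualized cost of the safeguard (ACS), which the chapter's CBA formula uses to arrive at a net benefit; the asset values, exposure factors, ARO figures and control costs are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Scenario:
    """One threat/vulnerability pairing against one asset."""
    asset: str
    asset_value: float      # AV, the output of asset valuation
    exposure_factor: float  # EF, fraction of AV lost in one successful attack (0..1)
    aro: float              # ARO, expected occurrences per year

    def sle(self) -> float:
        # Single Loss Expectancy: SLE = AV x EF
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        # Annualized Loss Expectancy: ALE = SLE x ARO
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    """A candidate safeguard and the scenario parameters expected once it is in place."""
    name: str
    annual_cost: float          # ACS, annualized cost of the safeguard (hypothetical figure)
    post_exposure_factor: float  # EF after the control
    post_aro: float              # ARO after the control


def cba(pre: Scenario, control: Control) -> dict:
    """CBA: ALE(pre-control) - ALE(post-control), then net of the safeguard's annual cost."""
    post = Scenario(pre.asset, pre.asset_value, control.post_exposure_factor, control.post_aro)
    ale_reduction = pre.ale() - post.ale()   # the "benefit" of the economic feasibility study
    return {
        "control": control.name,
        "ale_pre": pre.ale(),
        "ale_post": post.ale(),
        "ale_reduction": ale_reduction,
        "net_benefit": ale_reduction - control.annual_cost,
    }


def best_control(pre: Scenario, controls) -> Optional[str]:
    """Name of the control with the largest positive net benefit, or None if none pays for itself."""
    results = [cba(pre, c) for c in controls]
    justified = [r for r in results if r["net_benefit"] > 0]
    if not justified:
        return None
    return max(justified, key=lambda r: r["net_benefit"])["control"]


# Constructed sample figures (not from the source): a web server worth $200,000,
# where a successful attack is expected to destroy 25% of its value twice per year on average.
WEB_SERVER = Scenario(asset="customer web server", asset_value=200_000.0,
                      exposure_factor=0.25, aro=0.5)
CANDIDATES = [
    # Reduces how often attacks succeed, leaves the damage per incident unchanged.
    Control("web application firewall", annual_cost=8_000.0,
            post_exposure_factor=0.25, post_aro=0.1),
    # Reduces the damage per incident, leaves the frequency unchanged; costs more per year.
    Control("hot-site failover", annual_cost=30_000.0,
            post_exposure_factor=0.05, post_aro=0.5),
]

if __name__ == "__main__":
    for c in CANDIDATES:
        r = cba(WEB_SERVER, c)
        print(f"{r['control']}: ALE {r['ale_pre']:,.0f} -> {r['ale_post']:,.0f}, "
              f"reduction {r['ale_reduction']:,.0f}, net {r['net_benefit']:,.0f}")
    print("best:", best_control(WEB_SERVER, CANDIDATES))
```

With these figures both controls cut the ALE by the same $20,000, but only the firewall's annual cost is below that reduction, which is the point of comparing post-control ALE against pre-control ALE rather than judging a control by how much it lowers EF or ARO in isolation.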
Appetite (also called tolerance)
Risk __________ defines the quantity and nature of risk that an organization is willing to accept.
Residual
The element of remaining risk after vulnerabilities have been controlled is referred to as ___________ risk.
Delphi
The ______ technique is a process in which a group rates or ranks a set of information.
Octave
The _______ Method is an InfoSec risk evaluation methodology that allows organizations to balance the protection of critical information assets against the costs of providing protective and detection controls.
Fair
is a risk management framework developed to help organizations understand, analyze, and measure information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.
Hybrid
The _______ assessment tries to improve upon the ambiguity of qualitative measures without resorting to the unsubstantiated estimation used for quantitative measures.
Prudent
Due care and due diligence occur when an organization adopts a certain minimum level of security as what any __________ organization would do in similar circumstances.
Involvement
One of the most common methods of obtaining user acceptance and support is via user ___________.