When an organization's general management team determines that risks from information security threats are creating a competitive ___________, it empowers the information technology and information security communities of interest to control those risks.
The risk control strategy that seeks to reduce the impact of a successful attack through the use of IR, DR and BC plans is
is the risk control strategy that seeks to prevent exploitation of a perceived vulnerability through the application of effective safeguards.
is a control approach that attempts to shift the risk to other agencies who will manage or insure the assets.
The threat level and an asset's _______ should be a major factor in the risk control strategy selection.
is a combined function of (1) a threat less the effect of threat-reducing safeguards; (2) a vulnerability less the effect of vulnerability-reducing safeguards; and (3) an asset less the effect of asset value-reducing safeguards.
The effectiveness of controls should be ______ and measured regularly once a control strategy has been selected.
In an economic feasibility study, the _________ is the value to the organization of using controls that prevent losses related to a particular vulnerability.
The Single Loss Expectancy (SLE) is the result of the asset's value (AV) multiplied by the _______ factor.
A cost benefit analysis (CBA) result is obtained from the difference between the pre-control and the __________ annualized loss expectancy (ALE).
Risk __________ defines the quantity and nature of risk that an organization is willing to accept.
The element of remaining risk after vulnerabilities have been controlled is referred to as ___________ risk.
The _______ Method is an InfoSec risk evaluation methodology that allows organizations to balance the protection of critical information assets against the costs of providing protective and detection controls.
is a risk management framework developed to help organizations understand, analyze, and measure information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.
The _______ assessment tries to improve upon the ambiguity of qualitative measures without resorting to the unsubstantiated estimation used for quantitative measures.
Due care and due diligence occur when an organization adopts a certain minimum level of security as what any __________ organization would do in similar circumstances.