
Chapter 9


When an organization's general management team determines that risks from information security threats are creating a competitive ___________, it empowers the information technology and information security communities of interest to control those risks.


The risk control strategy that seeks to reduce the impact of a successful attack through the use of IR, DR and BC plans is


is the risk control strategy that seeks to prevent exploitation of a perceived vulnerability through the application of effective safeguards.


is a control approach that attempts to shift the risk to other agencies who will manage or insure the assets.


The threat level and an asset's _______ should be a major factor in the risk control strategy selection.

Residual Risk

is a combined function of (1) a threat less the effect of threat-reducing safeguards; (2) a vulnerability less the effect of vulnerability-reducing safeguards; and (3) an asset less the effect of asset value-reducing safeguards.


The effectiveness of controls should be ______ and measured regularly once a control strategy has been selected.


Risk appetite is also known as risk


In an economic feasibility study, the _________ is the value to the organization of using controls that prevent losses related to a particular vulnerability.


valuation is the process of assigning financial value to an information asset


The Single Loss Expectancy (SLE) is the result of the asset's value (AV) multiplied by the _______ factor.

Post Control

A cost benefit analysis (CBA) result is obtained from the difference between the pre-control and the __________ annualized loss expectancy (ALE).

Appetite tolerance

Risk __________ defines the quantity and nature of risk that an organization is willing to accept.


The element of remaining risk after vulnerabilities have been controlled is referred to as ___________ risk.


The ______ technique is a process in which a group ranks a set of information.


The _______ Method is an InfoSec risk evaluation methodology that allows organizations to balance the protection of critical information assets against the costs of providing protective and detection controls.


is a risk management framework developed to help organizations to understand, analyze, and measure information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.


The _______ assessment tries to improve upon the ambiguity of qualitative measures without resorting to the unsubstantiated estimation used for quantitative measures.


Due care and due diligence occur when an organization adopts a certain minimum level of security as what any __________ organization would do in similar circumstances.


One of the most common methods of obtaining user acceptance and support is via user
