19 terms

Principles of Information Security Ch. 4 Self-Assessment

risk management
Risk identification is performed within a larger process of identifying and justifying risk controls, which is called ___.
risk control
The second major undertaking involved in risk management, after risk identification, is ___.
know the enemy and know yourself
According to Chinese General Sun Tzu, you should ___.
For information security purposes, ___ are the systems that use, store, and transmit information.
The ___ community of interest should have the best understanding of threats and attacks and often takes a leadership role in addressing risks.
information technology
The ___ community of interest must assist in risk management by configuring and operating information systems in a secure fashion.
general management
The ___ community of interest must ensure sufficient resources are allocated to the risk management process.
information assets
Risk management strategy calls on information security professionals to know their organization's ___.
applications, operating systems, security components
The traditional system component of software can be broken into three components when viewed from an information security perspective: ___, ___, and ___.
intranet components and Internet or DMZ components
Hardware networking components can be broken down into two subgroups when viewed from an information security perspective: ___ and ___.
media access control (MAC) address
All network devices are assigned a unique number by the hardware at the network interface layer called the ___.
field change order (FCO)
The repair, modification, or update of a piece of equipment, usually made at the customer's premises, is called a ___.
weighted factor analysis
___ is the process of assigning scores for critical factors, each of which is weighted in importance by the organization.
list assets in order of their importance to the organization
The purpose of a weighted factor analysis is to ___.
data classification schemes
In order to ensure effort is spent protecting information that needs protecting, organizations implement ___.
a relatively small number
All data classification schemes use ___ of categories.
security clearance
When individuals are assigned security labels for access to categories of information, they have acquired ___.
threat assessment
The process of examining how each threat will affect an organization is called a ___.
Specific avenues that threat agents can exploit in attacks on information assets are called ___.