Like this study set? Create a free account to save it.

Sign up for an account

Already have a Quizlet account? .

Create an account

risk management

Risk identification is performed within a larger process of identifying and justifying risk controls, which is called ___.

risk control

The second major undertaking involved in risk management, after risk identification, is___.

know the enemy and know yourself

According to Chinese General Sun Tzu, you should ___.


For information security purposes, ___ are the systems that use, store, and transmit information.


The ___ community of interest should have the best understanding of threats and attacks and often takes a leadership role in addressing risks.

information technology

The ___ community of interest must assist in risk management by configuring and operating information systems in a secure fashion.

general management

The ___ community of interest must ensure sufficient resources are allocated to the risk management process.

information assets

Risk management strategy calls on information security professionals to know their organization's ___.

applications, operating systems, security components

The traditional system component of software can be broken into three components when viewed from an information security perspective: ___, ___, and ___.

intranet components and internet or dmz components

Hardware networking components can be broken down into two subgroups when viewed from an information security perspective: ___ and ___.

media access control (MAC) address

All network devices are assigned a unique number by the hardware at the network interface layer called the ___.

field change order (FCO)

The repair, modification, or update of a piece of equipment, usually made at the customer's premises, is called a ___.

weighted factor analysis

___ is the process of assigning scores for critical factors, each of which is weighted in importance by the organization.

list assets in order of their importance to the organization

The purpose of a weighted factor analysis is to ___.

data classification schemes

In order to ensure effort is spent protecting information that needs protecting, organizations implement ___.

a relatively small number

All data classification schemes use ___ of categories.

security clearance

When individuals are assigned security labels for access to categories of information, they have acquired ___.

threat assessment

The process of examining how each threat will affect an organization is called a ___.


Specific avenues that threat agents can exploit in attacks on information assets are called ___.

Please allow access to your computer’s microphone to use Voice Recording.

Having trouble? Click here for help.

We can’t access your microphone!

Click the icon above to update your browser permissions and try again


Reload the page to try again!


Press Cmd-0 to reset your zoom

Press Ctrl-0 to reset your zoom

It looks like your browser might be zoomed in or out. Your browser needs to be zoomed to a normal size to record audio.

Please upgrade Flash or install Chrome
to use Voice Recording.

For more help, see our troubleshooting page.

Your microphone is muted

For help fixing this issue, see this FAQ.

Star this term

You can study starred terms together

Voice Recording