What is risk management? Why is the identification of risks and vulnerabilities to assets so important in risk management? Risk identification (vulnerability), assessment (exposure), and control (reduce to acceptable). Helps prioritize.
According to Sun Tzu, what two key understandings must you achieve to be successful in battle? Know yourself (standing), know the enemy (threats).
Who is responsible for risk management in an organization? Which community of interest usually takes the lead in information security risk management?
In risk management strategies, why must periodic review be part of the process? Ensure still effective, always neglected.
Quiz 5
Often the focal point of attacks, considered special rather than combined with others.
Quiz 6
Quiz 7
Quiz 8
Both are important, depending upon the organization’s list priority and classification.
Quiz 9
Revenue is the recognition of income from an activity supported by the system. Profit is the amount of revenue that exceeds operating costs. Some systems may cost more to operate than they contribute to revenue.
Quiz 10
Quiz 11
Quiz 12
Quiz 13
to prevent the exploitation of the vulnerability.
Quiz 14
Shift risk to other assets, other processes, or other organizations by rethinking how services are offered, revising deployment models, outsourcing, insurance, or implementing service contracts with providers. Outsourcing transfers the risk to another organization that has experience, and the service provider is responsible for disaster recovery.
Quiz 15
Reduce the impact.
Quiz 16
The DR plan focuses more on preparations completed before and actions taken for disasters (often escalated incidents) to reestablish operations at the primary site. The IR plan focuses on incident response: intelligence gathering, information analysis, coordinated decision making, and urgent, concrete actions taken while an incident is occurring.
Quiz 17
Quiz 18
A decision-making process to evaluate whether benefit is worth the expense.
Quiz 19
A single loss expectancy is the value associated with the most likely loss from an attack. Annual loss expectancy is the expected loss from exploitation of a vulnerability for a specific information asset over the course of a year.
Quiz 20
Even when vulnerabilities have been controlled as much as possible, some risk remains that has not been completely removed, shifted, or planned for.
What information attribute is often of great value for networking equipment when DHCP is not used? The IP address is a useful attribute for networking equipment.
What kind of data and information can be found using a packet sniffer? A packet sniffer can be used to collect and view all packets on a network, or for a certain set of addresses. It will show encrypted and clear text transmissions, and allow an administrator or hacker to view these packets.
Which is more important to the systems components classification scheme: that the asset identification list be comprehensive or mutually exclusive? It is more important that the list be comprehensive than mutually exclusive. It would be far better to have a component assessed in an incorrect category rather than to have it go completely unrecognized during a risk assessment.
Why is identification of risks, through a listing of assets and their vulnerabilities, so important to the risk management process? Answer: It is important because management needs to know the value of each company asset and what losses will be incurred if an asset is compromised.