Terms in this set (20)

1. Question: Each manager in the organization should focus on reducing risk. This is often done within the context of one of the three communities of interest, which includes all but which of the following? A) General management must structure the IT and InfoSec functions
   Answer: C) Legal management must develop corporate-wide standards

2. Question: The identification and assessment of levels of risk in an organization describes which of the following? A) Risk analysis
   Answer: A) Risk analysis

3. Question: Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk assessment process? A) Creating an inventory of information assets
   Answer: D) Calculating the severity of risks to which assets are exposed in their current setting

4. Question: Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk identification process? A) Determining the likelihood that vulnerable systems will be attacked by specific threats
   Answer: C) Assigning a value to each information asset

5. Question: Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset identification using this attribute difficult? A) Part number
   Answer: D) IP address

6. Question: Which of the following is an attribute of a network device that is physically tied to the network interface? A) Serial number
   Answer: B) MAC address

7. Question: Which of the following attributes does NOT apply to software information assets? A) Serial number
   Answer: ) Product dimensions

8. Question: Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components? A) Name
   Answer: D) Manufacturer's model or part number

9. Question: Data classification schemes should categorize information assets based on which of the following? A) Value and uniqueness
   Answer: B) Sensitivity and security needs

10. Question: Classification categories must be mutually exclusive and which of the following? A) Repeatable
    Answer: C) Comprehensive

11. Question: What is the final step in the risk identification process? A) Assessing values for information assets
    Answer: D) Listing assets in order of importance

12. Question: Once an information asset is identified, categorized, and classified, what must also be assigned to it? A) Asset tag
    Answer: B) Relative value

13. Question: What should you be armed with to adequately assess potential weaknesses in each information asset? A) Properly classified inventory
    Answer: A) Properly classified inventory

14. Question: Which of the following is an example of a technological obsolescence threat? A) Hardware equipment failure
    Answer: C) Outdated servers

15. Question: Determining the cost of recovery from an attack is one calculation that must be made to identify risk; what is another? A) Cost of prevention
    Answer: A) Cost of prevention

16. Question: What is defined as specific avenues that threat agents can exploit to attack an information asset? A) Liabilities
    Answer: C) Vulnerabilities

17. Question: What should the prioritized list of assets and their vulnerabilities and the prioritized list of threats facing the organization be combined to create? A) Risk exposure report
    Answer: B) Threats-vulnerabilities-assets worksheet

18. Question: The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset, minus the percentage of risk mitigated by current controls, plus the uncertainty of current knowledge of the vulnerability are each examples of _____. A) Vulnerability mitigation controls
    Answer: B) Risk assessment estimate factors

19. Question: An estimate made by the manager using good judgement and experience can account for which factor of risk assessment? A) Risk determination
    Answer: D) Uncertainty

20. Question: Which of the following is NOT among the typical columns in the ranked vulnerability risk worksheet? A) Uncertainty percentage
    Answer: A) Uncertainty percentage
Related questions

Question: Which term is used to describe specific avenues that threat agents can exploit to attack an information asset?
Answer: Vulnerabilities are specific avenues that threat agents can exploit to attack an information asset. At the end of the risk identification process, a list of assets and their vulnerabilities has been developed.

Question: Is an evaluation of the threats to information assets, including a determination of their potential to endanger the organization?
Answer: An evaluation of the threats to information assets, including a determination of their potential to endanger the organization, is known as exploit assessment.

Question: Is the probability that a specific vulnerability will be attacked?
Answer: Likelihood is the overall rating of the probability that a specific vulnerability will be exploited or attacked. Some threats can manifest in multiple ways, yielding multiple vulnerabilities for an asset-threat pair.

Question: What is the formula to evaluate the risk for each information asset?
Answer: Risk = Threat x Vulnerability x Asset
Although risk is represented here as a mathematical formula, it is not about numbers; it is a logical construct. For example, suppose you want to assess the risk associated with the threat of hackers compromising a particular system.