What is defined as specific avenues that threat agents can exploit to attack an information asset?

Terms in this set (20)

Each manager in the organization should focus on reducing risk. This is often done within the context of one of the three communities of interest, which includes all but which of the following?

A) General management must structure the IT and InfoSec functions
B) IT management must serve the IT needs of the broader organization
C) Legal management must develop corporate-wide standards
D) InfoSec management must lead the way with skill, professionalism, and flexibility

C) Legal management must develop corporate-wide standards

The identification and assessment of levels of risk in an organization describes which of the following?

A) Risk analysis
B) Risk identification
C) Risk management
D) Risk reduction

A) Risk analysis

Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk assessment process?

A) Creating an inventory of information assets
B) Classifying and organizing information assets into meaningful groups
C) Assigning a value to each information asset
D) Calculating the severity of risks to which assets are exposed in their current setting

D) Calculating the severity of risks to which assets are exposed in their current setting

Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk identification process?

A) Determining the likelihood that vulnerable systems will be attacked by specific threats
B) Calculating the severity of risks to which assets are exposed in their current setting
C) Assigning a value to each information asset
D) Documenting and reporting the findings of risk identification and assessment

C) Assigning a value to each information asset

Which of the following is a network device attribute that may be used in conjunction with DHCP, making asset-identification using this attribute difficult?

A) Part number
B) Serial number
C) MAC address
D) IP address

D) IP address

Which of the following is an attribute of a network device that is physically tied to the network interface?

A) Serial number
B) MAC address
C) IP address
D) Model number

B) MAC address

Which of the following attributes does NOT apply to software information assets?

A) Serial number
B) Controlling entity
C) Manufacturer name
D) Product dimensions

D) Product dimensions

Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?

A) Name
B) MAC address
C) Serial number
D) Manufacturer's model or part number

D) Manufacturer's model or part number

Data classification schemes should categorize information assets based on which of the following?

A) Value and uniqueness
B) Sensitivity and security needs
C) Cost and replacement value
D) Ease of reproduction and fragility

B) Sensitivity and security needs

Classification categories must be mutually exclusive and which of the following?

A) Repeatable
B) Unique
C) Comprehensive
D) Selective

C) Comprehensive

What is the final step in the risk identification process?

A) Assessing values for information assets
B) Classifying and categorizing assets
C) Identifying and inventorying assets
D) Listing assets in order of importance

D) Listing assets in order of importance

Once an information asset is identified, categorized, and classified, what must also be assigned to it?

A) Asset tag
B) Relative value
C) Location ID
D) Threat risk

B) Relative value

What should you be armed with to adequately assess potential weaknesses in each information asset?

A) Properly classified inventory
B) Audited accounting spreadsheet
C) Intellectual property assessment
D) List of known threats

A) Properly classified inventory

Which of the following is an example of a technological obsolescence threat?

A) Hardware equipment failure
B) Unauthorized access
C) Outdated servers
D) Malware

C) Outdated servers

Determining the cost of recovery from an attack is one calculation that must be made to identify risk. What is another?

A) Cost of prevention
B) Cost of litigation
C) Cost of detection
D) Cost of identification

A) Cost of prevention

What is defined as specific avenues that threat agents can exploit to attack an information asset?

A) Liabilities
B) Defenses
C) Vulnerabilities
D) Weaknesses

C) Vulnerabilities

What should the prioritized list of assets and their vulnerabilities and the prioritized list of threats facing the organization be combined to create?

A) Risk exposure report
B) Threats-vulnerabilities-assets worksheet
C) Costs-risks-prevention database
D) Threat assessment catalog

B) Threats-vulnerabilities-assets worksheet

The likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability are each examples of _____.

A) Vulnerability mitigation controls
B) Risk assessment estimate factors
C) Exploit likelihood equation
D) Attack analysis calculation

B) Risk assessment estimate factors

An estimate made by the manager using good judgement and experience can account for which factor of risk assessment?

A) Risk determination
B) Assessing potential loss
C) Likelihood and consequences
D) Uncertainty

D) Uncertainty

Which of the following is NOT among the typical columns in the ranked vulnerability risk worksheet?

A) Uncertainty percentage
B) Asset impact
C) Risk-rating factor
D) Vulnerability likelihood

A) Uncertainty percentage

Which term is used to describe specific avenues that threat agents can exploit to attack an information asset?

Vulnerabilities are specific avenues that threat agents can exploit to attack an information asset. At the end of the risk identification process, a list of assets and their vulnerabilities has been developed.

Is an evaluation of the threats to information assets including a determination of their potential to endanger the organization?

An evaluation of the threats to information assets, including a determination of their potential to endanger the organization, is known as exploit assessment.

Is the probability that a specific vulnerability will be attacked?

Likelihood is the overall rating of the probability that a specific vulnerability will be exploited or attacked. Some threats can manifest in multiple ways, yielding multiple vulnerabilities for an asset-threat pair.

What is the formula to evaluate the risk for each information asset?

Risk = Threat x Vulnerability x Asset

Although risk is represented here as a mathematical formula, it is not about numbers; it is a logical construct. For example, suppose you want to assess the risk associated with the threat of hackers compromising a particular system.