Every organization uses its information to support its business operations. When there are threats in the internal and external environments, they create the risk of information loss or damage. This course examines the design and construction of a risk management program, including policies and plans, to support the identification and treatment of risk to the organization’s information assets.

From the lesson: Conducting the RM Process (Module 2.3)
A countermeasure is a step planned and taken in opposition to another act or potential act.

Physical Security Countermeasures

The following countermeasures address physical security concerns that could affect your site(s) and equipment. These strategies are recommended when risk assessment identifies or confirms the need to counter potential breaches in the physical security of your system.

Create a Secure Environment: Building and Room Construction:
Select only those countermeasures that meet perceived needs as identified during risk assessment (Chapter 2) and support security policy (Chapter 3).
Recognize that some countermeasures are ideals and may not be feasible if, for example, your organization is housed in an old building.
Rebuff Theft:
While the X-ray conveyor belt is the preferred way of transporting a laptop through airport security (compared to subjecting the computer to the magnetic fields of walk-through or wand scanners), it is also a prime place for theft. Thieves love to "inadvertently" pick up the wrong bag and disappear while passengers are fumbling through their pockets to find the loose coins that keep setting off the metal detectors. Use the X-ray conveyor belt, but never take your eyes off your laptop! Require laptop users to read the recommended travel guidelines that should come with the equipment's documentation.
It Really Happens!

Jack's briefcase was his life. Well, maybe it wasn't his whole life, but it definitely contained the better part of his professional life. It held his grade book, his lesson plans, his master's thesis--all very important things in the world of a middle school teacher. And it wouldn't be an exaggeration to say that Jack sure was surprised when his life (the briefcase) went up in flames one afternoon in the school cafeteria. He couldn't explain it, but nonetheless he found himself sitting in front of the district technologist trying to do exactly that--explain why his briefcase caught on fire and ruined, among more important things to him, the spare battery he was carrying for the school's laptop computer.

"So," the technologist asked, "you're saying that you're surprised that your briefcase caught on fire? Well, let me tell you, I'm glad that it was only your bag that was damaged. Didn't you know that the exposed terminals of a battery can cause a spark? Didn't you know that any piece of metal, even a paper clip, can serve as the conduit? That's all it takes: an improperly stored battery, a paper clip and anything combustible--and wham, you've got yourself a fire. Your home could have gone up in flames last night because of it. Or your school could have this afternoon. Didn't you know that?"

Jack almost replied that, of course, he hadn't known about all of those dangers, and that the technologist should have warned him about them before he had borrowed the laptop and extra battery. But instead he just shook his head sheepishly. After all, along with his grade book, lesson plans, and master's thesis, he had just burned a $200 laptop battery that didn't belong to him.

Regulate Power Supplies:
Pay attention to the manufacturer's recommendations for storing portable computer batteries--they carry live charges and are capable of igniting fires if not handled properly.
Protect Output:
It Really Happens! Dr. Hamilton was everything that a school district could ask for. She was a great visionary, a trusted leader, and an excellent superintendent... but she was terrible with the piles of paper she kept on her desk. Luckily for her and the district, she had an equally competent secretary. Lucy was always one step ahead of Dr. Hamilton with the paperwork. She knew where to find the latest draft of the letter to the Board. She knew which form needed to be completed by when. She knew how many copies of the monthly report needed to be run off. One afternoon, Dr. Hamilton came running out of her office to Lucy's desk, "You haven't shredded those papers I gave you this morning yet, have you?" As was always the case, Lucy had, of course, completed the task shortly after it had been handed to her. She told Dr. Hamilton so, and asked what was the matter. "I think that I accidentally gave you my only copy of the speech I'm giving to the Chamber of Commerce tonight," the distraught woman replied, knowing that she'd never be able to reproduce the outline in time for the meeting. "Don't worry," Lucy said, beaming with pride that her forethought was about to again pay off, "I make backup copies of every sheet of paper you give me before I turn on that paper shredder. Let's look in my filing cabinet." Dr. Hamilton let out a deep sigh of relief--Lucy had again saved the day. Suddenly, however, the astute superintendent paused, "What do you mean you make copies of everything I give you before you turn on the paper shredder?"
Physical Security Checklist

While it may be tempting to simply refer to the following checklist as your security plan, to do so would limit the effectiveness of the recommendations. They are most useful when initiated as part of a larger plan to develop and implement security policy throughout an organization. Other chapters in this document also address ways to customize policy to your organization's specific needs--a concept that should not be ignored if you want to maximize the effectiveness of any given guideline.

Security Checklist for Chapter 5

The brevity of a checklist can be helpful, but it in no way makes up for the detail of the text.
What is the process of identifying potential threats to an information asset? A cyber security risk assessment is the process of identifying and analyzing information assets, threats, vulnerabilities and incident impact in order to guide security strategy.
Is the recognition, enumeration and documentation of risks to an organization's information assets? The recognition, enumeration and documentation of risks to an organization's information assets is known as risk control. An evaluation of the threats to information assets, including a determination of their potential to endanger the organization, is known as exploit assessment.
What is the process of assigning financial value or worth to each information asset? Asset valuation is the process of assigning financial value or worth to each information asset. The value of information differs within organizations and between organizations, based on the characteristics of information and the perceived value of that information.
Is the process of identifying risks that pose threats to the assets that need to be safeguarded? Risk analysis is the process of identifying information assets and their associated threats, vulnerabilities, and potential risks, and justifying the cost of countermeasures deployed to mitigate the loss.