ANSWERS
Administrative Controls - CORRECT ANSWER-Procedures
implemented to define the roles, responsibilities, policies, and
administrative functions needed to manage the control
environment.
Annualized Rate of Occurrence (ARO) - CORRECT ANSWER-
An estimate of how often a threat will be successful in
exploiting a vulnerability over the period of a year.
Arms Export Control Act of 1976 - CORRECT ANSWER-
Authorizes the President to designate those items that shall be
considered as defense articles and defense services and
control their import and the export.
Availability - CORRECT ANSWER-The principle that ensures
that information is available and accessible to users when
needed.
Breach - CORRECT ANSWER-An incident that results in the
disclosure or potential exposure of data.
Compensating Controls - CORRECT ANSWER-Controls that
substitute for the loss of primary controls and mitigate risk down
to an acceptable level.
Compliance - CORRECT ANSWER-Actions that ensure
behavior that complies with established rules.
Confidentiality - CORRECT ANSWER-Supports the principle of
"least privilege" by providing that only authorized individuals,
,processes, or systems should have access to information on a
need-to-know basis.
Copyright - CORRECT ANSWER-Covers the expression of
ideas rather than the ideas themselves; it usually protects
artistic property such as writing, recordings, databases, and
computer programs.
Corrective: Controls - CORRECT ANSWER-Controls
implemented to remedy circumstance, mitigate damage, or
restore controls.
Data Disclosure - CORRECT ANSWER-A breach for which it
was confirmed that data was actually disclosed (not just
exposed) to an unauthorized party.
Detective Controls - CORRECT ANSWER-Controls designed to
signal a warning when a security control has been breached.
Deterrent Controls - CORRECT ANSWER-Controls designed to
discourage people from violating security directives.
Directive Controls - CORRECT ANSWER-Controls designed to
specify acceptable rules of behavior within an organization.
Due Care - CORRECT ANSWER-The care a "reasonable
person" would exercise under given circumstances.
Due Diligence - CORRECT ANSWER-Is similar to due care
with the exception that it is a pre-emptive measure made to
avoid harm to other persons or their property.
Enterprise Risk Management - CORRECT ANSWER-A process
designed to identify potential events that may affect the entity,
manage risk so it is within its risk appetite, and provide
reasonable assurance regarding the achievement of entity
objectives.
,Export Administration Act of 1979 - CORRECT ANSWER-
Authorized the President to regulate exports of civilian goods
and technologies that have military applications.
Governance - CORRECT ANSWER-Ensures the business
focuses on core activities, clarifies who in the organization has
the authority to make decisions, determines accountability for
actions and responsibility for outcomes, and addresses how
expected performance will be evaluated.
Incident - CORRECT ANSWER-A security event that
compromises the confidentiality, integrity, or availability of an
information asset.
Integrity - CORRECT ANSWER-Comes in two forms; making
sure that information is processed correctly and not modified by
unauthorized persons, and protecting information as it transits a
network.
Information Security Officer - CORRECT ANSWER-
Accountable for ensuring the protection of all of the business
information assets from intentional and unintentional loss,
disclosure, alteration, destruction, and unavailability.
Least Privilege - CORRECT ANSWER-Granting users only the
accesses that are required to perform their job functions.
Logical (Technical) Controls - CORRECT ANSWER-Electronic
hardware and software solutions implemented to control access
to information and information networks.
Patent - CORRECT ANSWER-Protects novel, useful, and
nonobvious inventions.
Physical Controls - CORRECT ANSWER-Controls to protect
the organization's people and physical environment, such as
, locks, fire management, gates, and guards; physical controls
may be called "operational controls" in some contexts.
Preventive Controls - CORRECT ANSWER-Controls
implemented to prevent a security incident or information
breach.
Recovery Controls - CORRECT ANSWER-Controls
implemented to restore conditions to normal after a security
incident.
Recovery Time Objective (RTO) - CORRECT ANSWER-How
quickly you need to have that application's information available
after downtime has occurred.
Recovery Point Objective (RPO) - CORRECT ANSWER-The
point in time to which data must be restored in order to
successfully resume processing.
Risk - CORRECT ANSWER-1. A combination of the probability
of an event and its consequence (ISO 27000) 2. An expectation
of loss expressed as the probability that a particular threat will
exploit a particular vulnerability with a particular harmful
result.(RFC 2828)
Risk Acceptance - CORRECT ANSWER-The practice of
accepting certain risk(s), typically based on a business decision
that may also weigh the cost versus the benefit of dealing with
the risk in another way.
Risk Avoidance - CORRECT ANSWER-The practice of coming
up with alternatives so that the risk in question is not realized.
Risk Mitigation - CORRECT ANSWER-The practice of the
elimination of or the significant decrease in the level of risk
presented.