ASSURANCE QUESTIONS AND ANSWERS
Risk - ANSWER is the likelihood that a threat agent will exploit a vulnerability and the associated impact
Managing Risk - ANSWER means identifying, assessing, prioritizing, and treating (responding to) risk; monitoring the evolving situation, and continuing the process
Risk Assessment - ANSWER means "the process of identifying, estimating, and prioritizing information security risks."
What does risk assessment include? - ANSWER *Identify threats
*Estimate the likelihood of being targeted
*Identify vulnerabilities
*Estimate the impact/harm should a threat successfully exploit a vulnerability
*Estimate the likelihood that the harm will occur
*Estimate risk as a function of the degree of harm and the likelihood that it will occur
Responding/Treating Risk - ANSWER Avoid
Mitigate
Transfer
Accept
Avoid (Risk) - ANSWER Discontinue risky practice (decommission insecure system or prohibit insecure conduct)
Mitigate (Risk) - ANSWER Apply measures to reduce the level of risk (encryption, AV, access control)
Transfer (Risk) - ANSWER Shift the impact to some other entity (cyber-insurance, contractual means such as indemnification clauses)
Accept (Risk) - ANSWER Process by which managers agree to accept the risk (e.g., managers understand the risk and the possible options for treating it, but decide to accept it)
Controls - ANSWER Measures that we put in place to mitigate risk
Administrative Control - ANSWER management- or policy-oriented