Definition
Something that has potential to cause harm
All systems are operational and accessible
Threat (Term Related to Attacks)
The incident response process, at a high level, consists of:
Mitigating risks (Administrative)
Term
Once we have been able to identify the assets in use
Deciding which of them is a critical business asset is another question
entirely. If we ask the individual business or function to which the asset
belongs, we will likely find it deemed to be critical; whether it is critical to
the functionality of the organization as a whole is another question entirely.

Are we secure if our systems are properly patched? Are we secure if we use
strong passwords? Are we secure if we are disconnected from the Internet
entirely? From a certain point of view, all of these questions can be answered
with a "no," so the real question is: are we reasonably secure?

Post-incident activity, as with preparation, is a phase we can easily overlook, but
should ensure that we do not. In the post-incident activity phase, often referred
to as a postmortem (Latin for after death), we attempt to determine specifically
what happened, why it happened, and what we can do to keep it from
happening again. This is not just a technical review, as policies or infrastructure
may need to be changed. The purpose of this phase is not to point fingers or
place blame (although this does sometimes happen), but to ultimately prevent or
lessen the impact of future such incidents.

Security and productivity are often diametrically opposing concepts, and that
being able to point out exactly when we are secure is a difficult task.
Term
The idea behind defense in depth is:
Not to keep an attacker out permanently but to delay him long enough to
alert us to the attack and to allow us to mount a more active defense.

a log containing records of all inbound and outbound network traffic that passes
through the network firewall.

"protecting information and information systems from unauthorized access, use,
disclosure, disruption, modification, or destruction," according to US law [1]. In
essence, it means we want to protect our data (wherever it is) and systems
assets from those who would seek to misuse it.

One of the FIRST and, arguably, one of the MOST important parts of the risk
management process is identifying and categorizing the assets that we are
protecting. If we cannot enumerate the assets that we have and evaluate the
importance of each of them, protecting them can become a very difficult task
indeed. In larger enterprises, merely producing a list of all of the assets with
which we are concerned may be troublesome. In many cases, various
generations of hardware and devices may be present, assets from acquisitions of
other companies may be lurking in unknown areas, and scores of unrecorded
virtual hosts may be in use, any of which may be critical to the continued
functionality of certain aspects of a business.
Definition
advisable, if not mandated
Vulnerability (Term Related to Attacks)
Data have not been modified from the original creation
Following the security standards defined for the industry in which we are operating is generally considered to be
All systems are operational and accessible
Term
Risk (Term Related to Attacks)
Identify Assets > Identify Threats > Assess Vulnerabilities > Assess Risks > Mitigate Risks > (back to Identifying Assets)
disclosure, alteration, and denial (DAD).