Official (ISC)² CISSP - Domain 1: Security and Risk Management TOP Questions & Answers 2024
- Administrative Controls - Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.
- Annualized Rate of Occurrence (ARO) - An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.
- Arms Export Control Act of 1976 - Authorizes the President to designate those items that shall be considered as defense articles and defense services and control their import and export.
- Availability - The principle that ensures that information is available and accessible to users when needed.
- Breach - An incident that results in the disclosure or potential exposure of data.
- Compensating Controls - Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level.
- Compliance - Actions that ensure behavior that complies with established rules.
- Confidentiality - Supports the principle of "least privilege" by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis.
Written for
- Institution: CISSP
- Course: CISSP

Document information
- Uploaded on: February 1, 2024
- Number of pages: 5
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers

Subjects
- official isc cissp domain 1 security