MANAGEMENT WITH ANSWERS
Administrative Controls - CORRECT ANSWER-Procedures
implemented to define the roles, responsibilities, policies, and
administrative functions needed to manage the control
environment.
Annualized Rate of Occurrence (ARO) - CORRECT ANSWER-
An estimate of how often a threat will be successful in
exploiting a vulnerability over the period of a year.
Arms Export Control Act of 1976 - CORRECT ANSWER-
Authorizes the President to designate those items that shall be
considered as defense articles and defense services and
control their import and the export.
Availability - CORRECT ANSWER-The principle that ensures
that information is available and accessible to users when
needed.
Breach - CORRECT ANSWER-An incident that results in the
disclosure or potential exposure of data.
Compensating Controls - CORRECT ANSWER-Controls that
substitute for the loss of primary controls and mitigate risk down
to an acceptable level.
Compliance - CORRECT ANSWER-Actions that ensure
behavior that complies with established rules.
Confidentiality - CORRECT ANSWER-Supports the principle of
"least privilege" by providing that only authorized individuals,
, processes, or systems should have access to information on a
need-to-know basis.
Copyright - CORRECT ANSWER-Covers the expression of
ideas rather than the ideas themselves; it usually protects
artistic property such as writing, recordings, databases, and
computer programs.
Corrective: Controls - CORRECT ANSWER-Controls
implemented to remedy circumstance, mitigate damage, or
restore controls.
Data Disclosure - CORRECT ANSWER-A breach for which it
was confirmed that data was actually disclosed (not just
exposed) to an unauthorized party.
Detective Controls - CORRECT ANSWER-Controls designed to
signal a warning when a security control has been breached.
Deterrent Controls - CORRECT ANSWER-Controls designed to
discourage people from violating security directives.
Directive Controls - CORRECT ANSWER-Controls designed to
specify acceptable rules of behavior within an organization.
Due Care - CORRECT ANSWER-The care a "reasonable
person" would exercise under given circumstances.
Due Diligence - CORRECT ANSWER-Is similar to due care
with the exception that it is a pre-emptive measure made to
avoid harm to other persons or their property.
Enterprise Risk Management - CORRECT ANSWER-A process
designed to identify potential events that may affect the entity,
manage risk so it is within its risk appetite, and provide
reasonable assurance regarding the achievement of entity
objectives.