CSM 2 - Multiple Answers
Performing and recording changes during software development and operation.
Manage Risk Scenarios
And is a Preventative Control
Scheduling (occurs outside of normal hours) - answer Configuration Management (CM)
Ultimately responsible for:
Process, performance, outcomes, Risk Analysis, compensating controls - answer Process Owners
Firsthand knowledge of ORGANIZATIONAL processes and procedures - answer Operations group
Multiple small events or vulnerabilities from a single threat vector that can cause a
significant impact to the organization.
Best way to assess is by pentesting - answer Aggregated Risk
Determines overall what is working well and what needs improvement. It is also a
Quantifiable Approach.
Continuous and steady Improvements
Trends report
Meaningful to the recipient
Statistics of security incidents
Measurement of ROI
Completed Control Objectives
Who am I? - answer Metrics
Strategy is built and approved by senior management. They base their decision on
Business Priorities.
A plan of action or policy designed to achieve a major or overall aim.
Initially done to define which requirements/resources are needed.
Does NOT change that easily or often. - answer Strategy
Study of the way work (inputs, activities, and outputs) moves through an organization
Improves operational efficiency - answer Workflow analysis
How to respond and resolve in real time
Frequent testing identifies gaps in the procedures.
Last Hint, it reminds me of sports... - answer Incident Response Playbook
Measurement of probability and impact of the identified risks.
Used in BIA
Used in Security Awareness Programs - answer Quantitative Risk Analysis
Leads to significant impact
Costly and overly complicated to implement
Highly integrated systems are more susceptible to (blank) risk - answer Cascading Risk
It is a mechanism to measure quantitative financial risk. It measures the likelihood of
losing more than a specific dollar amount over a specific period of time.
Monte Carlo simulation = Mathematical possible outcomes of uncertain events. - answer Value at Risk (VaR)
Claim without proof which leads to...
A claim that the data presented in the report is valid by digitally signing it using the
TPM's private key - answer Attestation