HCISPP - Domain 1 - Risk Management and Risk Assessment Domain - Questions and Answers
Confidentiality CIA - only authorized people can access the data
Integrity CIA - holds that the data is accurate and unaltered
Availability CIA - data must be available upon need
CIA break down Confidentiality, Integrity, Availability
A lock on a safe provides what CIA Confidentiality
Backups provide what CIA Availability
Version control provides what CIA Integrity
These controls ensure data is accessible and useable upon demand Availability
The controls ensure that data has not been altered in an unauthorized manner Integrity
These controls prevent unauthorized disclosure of sensitive data Confidentiality
What is upheld when the assurance of accuracy and reliability of information and systems is
provided and unauthorized modification of data is prevented? Integrity
The potential for loss, damage, or destruction of an ASSET as a result of a THREAT exploiting a
VULNERABILITY Risk
Asset Valuation can be what two categories Tangible or Intangible
Tangible things are physical things and easier to quantify TF True
Intangible things include information and are harder to quantify TF True
Natural, Technical, Environmental, Operational, and Human are examples of what?
Threats
A fire, flood, tornado, hurricane, snowstorm, or earthquake are examples of what type of
threat? Natural Threat
What type of threat includes a hardware or software failure, malicious code, new technologies?
Technical Threat
What type of threat is a hazardous waste or biological agent? Environmental Threat
What type of threat is a process that affects confidentiality, integrity, or availability?
Operational Threat
What type of threat can be intentional or unintentional, malicious outsider or insider, or human
error? Human Threat
What are weaknesses that a threat can exploit? Vulnerabilities
Refers to the amount or extent of damage that a specific threat or vulnerability may have on
the organization. Exposure
The chance or probability that a specific threat could act upon a weakness. Likelihood
Consequence is also considered the Impact
When a threat acts on a vulnerability, the resulting effect is the Consequence or Impact
The effect of a consequence can cause what types of effects Quantitative or Qualitative
Risk = Likelihood x Consequence