Domain 1 Security and Risk Management

klct555's version from 2017-06-19 20:18


Question: Answer

Administrative Controls: Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.
Annualized Rate of Occurrence (ARO): An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.
Arms Export Control Act of 1976: Authorized the President to designate those items that shall be considered defense articles and defense services and to control their import and export.
Availability: The principle that ensures that information is available and accessible to users when needed.
Breach: An incident that results in the disclosure or potential exposure of data.
Compensating Controls: Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level.
Compliance: Actions that ensure behavior that complies with established rules.
Confidentiality: Supports the principle of “least privilege” by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis.
Copyright: Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writings, recordings, databases, and computer programs.
Corrective Controls: Controls implemented to remedy circumstances, mitigate damage, or restore controls.
Data Disclosure: A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.
Detective Controls: Controls designed to signal a warning when a security control has been breached.
Deterrent Controls: Controls designed to discourage people from violating security directives.
Directive Controls: Controls designed to specify acceptable rules of behavior within an organization.
Due Care: The care a “reasonable person” would exercise under given circumstances.
Due Diligence: Similar to due care, with the expectation that it is a pre-emptive measure taken to avoid harm to other persons or their property.
Enterprise Risk Management: A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives.
Export Administration Act of 1979: Authorized the President to regulate exports of civilian goods and technologies that have military applications.
Governance: Ensures the business focuses on core activities, clarifies who in the organization has the authority to make decisions, determines accountability for actions and responsibility for outcomes, and addresses how expected performance will be evaluated.
Incident: A security event that compromises the confidentiality, integrity, or availability of an information asset.
Integrity: Comes in two forms: making sure that information is processed correctly and not modified by unauthorized persons, and protecting information as it transits a network.
Information Security Officer: Accountable for ensuring the protection of all of the business's information assets from intentional and unintentional loss, disclosure, alteration, destruction, and unavailability.
Least Privilege: Granting users only the access that is required to perform their job function.
Logical (Technical) Controls: Electronic hardware and software solutions implemented to control access to information and information networks.
Patent: Protects novel, useful, and nonobvious inventions.
Physical Controls: Controls to protect the organization's people and physical environment, such as locks, fire management, gates, and guards; physical controls may be called “operational controls” in some contexts.
Preventive Controls: Controls implemented to prevent a security incident or information breach.
Recovery Controls: Controls implemented to restore conditions to normal after a security incident.
Recovery Time Objective (RTO): How quickly you need to have an application's information available after downtime has occurred.
Recovery Point Objective (RPO): The point in time to which data must be restored in order to successfully resume processing.
Risk: “1. A combination of the probability of an event and its consequence (ISO 27000). 2. An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result (RFC 2828).”
Risk Acceptance: The practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way.
Risk Avoidance: The practice of coming up with alternatives so that the risk in question is not realized.
Risk Mitigation: The practice of eliminating, or significantly decreasing, the level of risk presented.
Risk Transfer: The practice of passing on the risk in question to another entity, such as an insurance company.
Risk Management: A systematic process for identifying, analyzing, evaluating, remedying, and monitoring risk.
Single Loss Expectancy (SLE): Defined as the difference between the original value and the remaining value of an asset after a single exploit.
Single Point of Failure (SPOF): Any single input to a process that, if missing, would cause the process or several processes to be unable to function.
Trademark: Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods and distinguish them from those made or sold by others.
Trade Secret: Proprietary business or technical information, processes, designs, practices, etc., that are confidential and critical to the business.
Vulnerability Assessment: Determines the potential impact of disruptive events on the organization's business processes.
Wassenaar Arrangement: Established to contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations.