Quiz

A mail server has a vulnerability that involves a hardware failure with a likelihood of 0.4. The mail server has an impact rating of 80. One control has been implemented that reduces the impact of the vulnerability by 50%. Assumptions made on this asset have a 70% certainty.
25.6
24.6
23.6
26.6
____ is the percentage of an asset's value lost due to an incident.
Single loss expectancy
Exposure factor
Annualized rate of occurrence
Annualized loss expectancy
____ policies are more specific to the operation of a system than ACLs, and they may or may not deal with users directly.
Rule
ACL
Temp
Session
Risk __ is the application of controls to reduce the risks to an organization’s data and information systems.
Management
Control
Identification
Security
__ equals likelihood of vulnerability occurrence times value (or impact) minus percentage risk already controlled plus an element of uncertainty.
Probability
Risk
Possibility
Chance
Person or element that has the power to carry out a threat
Threat Agent
Threat
Risk
Vulnerability
The formal decision making process used when considering the economic feasibility of implementing information security controls and safeguards is called a __.
ARO
CBA
ALE
SLE
The actions an organization can and perhaps should take while an incident is in progress should be specified in a document called the __ plan.
BC
DR
IR
BR
__ is simply how often you expect a specific type of attack to occur.
ARO
CBA
ALE
SLE
There are individuals who search trash and recycling — a practice known as __ — to retrieve information that could embarrass a company or compromise information security.
Side view
Dumpster diving
Recycle diving
Garbage collection
The __ strategy attempts to shift risk to other assets, other processes, or other organizations.
Transfer control
Defend control
Accept control
Mitigate control
__ policies address the particular use of certain systems.
Systems-specific
General
Network-specific
Platform-specific
In a __, each information asset is assigned a score for each of a set of assigned critical factors.
OPSEC
COMSEC
Weighted factor analysis
Data classification scheme
Risk __ defines the quantity and nature of risk that organizations are willing to accept as they evaluate the tradeoffs between perfect security and unlimited accessibility.
Benefit
Appetite
Acceptance
Avoidance
In the U.S. Military classification scheme, __ data is any information or material the unauthorized disclosure of which reasonably could be expected to cause damage to the national security.
Confidential
Secret
Top secret
Sensitive
__ plans usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the smoke clears, the dust settles, or the floodwaters recede.
IR
DR
BC
BR
Many corporations use a __ to help secure the confidentiality and integrity of information.
System classification scheme
Data restoration scheme
Data hierarchy
Data classification scheme
The __ strategy attempts to prevent the exploitation of the vulnerability.
Suspend control
Defend control
Defined control
Transfer control
The __ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.
Avoidance of risk
Transference
Mitigation
Accept control
__ is any technology that aids in gathering information about a person or organization without their knowledge.
Spyware
Bot
Worm
Trojan
Acts of __ can lead to unauthorized real or virtual actions that enable information gatherers to enter premises or systems they have not been authorized to enter.
Bypass
Nature
Trespass
Security
A __ is an attack in which a coordinated stream of requests is launched against a target from many locations at the same time.
Distributed denial of service
Denial of service
Virus
Spam
One form of online vandalism is __ operations, which interfere with or disrupt systems to protest the operations, policies, or actions of an organization or government agency.
Phvist
Hacktivist
Hackcyber
Cyberhack
In the well-known __ attack, an attacker monitors (or sniffs) packets from the network, modifies them, and inserts them back into the network.
Zombie-in-the-middle
Sniff-in-the-middle
Server-in-the-middle
Man-in-the-middle
__ are machines that are directed remotely (usually by a transmitted command) by the attacker to participate in an attack.
Drones
Helpers
Servants
Zombies
In a __ attack, the attacker sends a large number of connection or information requests to a target.
Distributed denial-of-service
Denial-of-service
Virus
Spam
__ are software programs that hide their true nature, and reveal their designed behavior only when activated.
Trojan Horses
Viruses
Worms
Spam
The __ is a methodology for the design and implementation of an information system in an organization.
DSLC
SDLC
LCSD
CLSD
A computer is the __ of an attack when it is used to conduct the attack.
Facilitator
Subject
Object
Target
The __ is the individual primarily responsible for the assessment, management, and implementation of information security in the organization.
ISO
CIO
CISO
CTO
The first phase in the development of the contingency planning process is the __.
BIA
BRP
DP9
IRP
__-based IDPSs look at patterns of network traffic and attempt to detect unusual activity based on previous baselines.
Firewall
Host
Network
Domain
A buffer against outside attacks is frequently referred to as a __.
Proxy server
No-man’s land
DMZ
Firewall
The __ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.
ISP
EISP
GSP
ISSP
A __ site provides only rudimentary services and facilities.
Cool
Warm
Hot
Cold
A(n) __ plan deals with the identification, classification, response, and recovery from an incident.
CM
BC
DR
IR
__ often function as standards or procedures to be used when configuring or maintaining systems.
ESSPs
EISPs
ISSPs
SysSPs
 
 