Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
22 Cards in this Set
- Front
- Back
|
ALE |
Annual loss expectancy - how much of a loss you can expect in a year |
|
|
SLE |
Single loss expectancy - how much you expect to lose at any one time. Made up of asset value and exposure Factor. |
|
|
ARO |
Annualized rate of occurrence - the likelihood of an event occurring within a year |
|
|
What is the formula to compute risk assessment? |
SLE x ARO = ALE |
|
|
What is the difference between quantitative and qualitative risk assessment? |
Qualitative is opinion-based and subjective while quantitative is cost-based and objective. |
|
|
Threat Vector |
The method in which an attacker poses a threat. Such as a tool or phishing site. |
|
|
MTBF |
Mean time between failures - the measure of time for the anticipated failure of a system or component. |
|
|
MTtF |
Mean time to failure - the average time to failure for a non-repairable system. |
|
|
MTTR |
Mean time to restore - the measurement of how long it takes to repair a system or component once a failure occurs. |
|
|
RTO |
Recovery time objective - the maximum amount of time that a process or service is allowed to be down. |
|
|
RTO |
Recovery Point objective - defines the point at which the system needs to be restored. |
|
|
Risk avoidance |
Identifying a risk and making the decision not to engage any longer and actions associated with that risk |
|
|
Risk transference |
Sharing some of the burden of the risk with another entity such as an insurance company |
|
|
Risk mitigation |
Actions to reduce risk |
|
|
Risk deterrence |
Understanding something about the enemy and letting them know the harm that can come their way if they cause any harm |
|
|
Risk acceptance |
When the cost of implementing any other choices exceeds the value of the harm that would occur |
|
|
PaaS |
Platform-as-a-service - also known as Cloud platform services. Vendors allow apps to be created and run on their infrastructure |
|
|
SaaS |
Software-as-a-service - essentially cloud computing. When applications are remotely run over the web |
|
|
IaaS |
Infrastructure-as-a-service - utilizes virtualization and clients pay an outsourcer for resources used |
|
|
What are risk related issues associated with cloud computing |
Regulatory Compliance, user privileges, data integration/segregation |
|
|
Risks associated with virtualization |
Breaking out of the virtual machine, Networking security controls can intermingle |
|
|
Hypervisor |
The software that allows the virtual machine to exist. For example VMware |
