Administrative Control

referred to as "soft controls" examples are: security documentation, risk management, personal security, training

referred to as "logical controls" examples are: software or hardware components, firewalls, IDS, IPS,encryption etc

put in place to protect facility, personnel or resources examples: Security Guards, Locks, Fencing, Lighting

Control Countermeasure

Control put into place to mitigate a potential risk

An instance of being exposed to losses

The likelihood of a threat source exploiting a vulnerability and the corresponding business impact

An entity that takes advantage of a vulnerability

Any potential danger that is associated with the exploitation of a vulnerability

A weakness: a lack of a safegard

Protective mechanisms to secure vulnerablilities

Risk event that comes as a result of another risk response

The amount of risk left over after a risk response

Unplanned Response (for unidentified risk or when other responses don't work.)

The branches that are created by each decision point of an attack .

A method of identifying vulnerabilities and threats and assessing the possible impacts to determine where to implement security controls.

An organization took all reasonable measures to prevent security breaches and also took steps to mitigate damages caused by successful breaches.

An organization investigated all vulnerabilities. This includes performing audits and assessments to ensure that the organization is protected.

Help

Options

focusNode

Didn't know it?
click below

Knew it?
click below

Don't Know

Remaining cards (0)

Know

retry

shuffle

restart

0:00

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

Normal Size Small Size show me how

Control Types(Ch 1)

Control Types(Ch 1 - CISSP)

Term	Definition
Administrative Control	referred to as "soft controls" examples are: security documentation, risk management, personal security, training
Technical Control	referred to as "logical controls" examples are: software or hardware components, firewalls, IDS, IPS,encryption etc
Physical Control	put in place to protect facility, personnel or resources examples: Security Guards, Locks, Fencing, Lighting
Control Countermeasure	Control put into place to mitigate a potential risk
Exposure	An instance of being exposed to losses
Risk	The likelihood of a threat source exploiting a vulnerability and the corresponding business impact
Threat Agent	An entity that takes advantage of a vulnerability
Threat	Any potential danger that is associated with the exploitation of a vulnerability
Vulnerability	A weakness: a lack of a safegard
Exploit	Instance of compromise
Controls	Protective mechanisms to secure vulnerablilities
Secondary Risks	Risk event that comes as a result of another risk response
Residual Risk	The amount of risk left over after a risk response
Fallback Plan	"Plan B"
Workaround	Unplanned Response (for unidentified risk or when other responses don't work.)
Attack Tree	The branches that are created by each decision point of an attack .
Risk Assessment	A method of identifying vulnerabilities and threats and assessing the possible impacts to determine where to implement security controls.
Due Care	An organization took all reasonable measures to prevent security breaches and also took steps to mitigate damages caused by successful breaches.
Due Diligence	An organization investigated all vulnerabilities. This includes performing audits and assessments to ensure that the organization is protected.

Created by: Dks0512

Popular Computers sets

Definitions for Word Processing and the main parts of the MS Word 2010 window

WP Page Formatting

WP Paragraph Formatting terms

Review business letter parts

Review the three paragraph formats (block, indented, hanging indent)

WP font formatting features in Word 2010

Arkansas CBA unit 1 Hardware

"Know" box contains:
Time elapsed:
Retries: