Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
Security + CompTIA
Domain 5: Risk Management
| Term | Definition |
|---|---|
| SLA | Service Level Agreement |
| BPA | Business Partner Agreement |
| MOU | Memorandum of understanding (not signed |
| ISA | Interconnection agreement - defines security controls especially when US fed Government are connecting to each other |
| SLA, BPA, MOU & ISA are types of these | interoperability agreements - help mitigate risk when dealing with third parties |
| Users that are responsible for creating or managing security policies | Executive users, data owners and system owners |
| RTO | Recovery Time Objective, target time you set for the recovery of your IT & Business activities after diaster |
| MTBF | Mean Time Between Failure average time before a product requires a repair |
| MTTR | Mean Time to Repair - average time it takes for a repair to take place, measured in hours |
| MTTF | Mean tim To Failure - often referred to as "uptime" "time a system is online between outages or failures |
| Privacy Threshold Assessment | determines whether a system can contain personal information |
| Privacy Impact Assessment | needed for any organization that collects, uses, stores or processes such information |
| Risk Assessment | function of threat vulnerability and impact |
| Risk = (equation) | Threat x Vulnerability x Impact |
| Risk Identification | includes asset identification, risk assessment, threat identification, classification and identification of vulnerabilities |
| ALE | Annualized Loss Expectancy |
| ALE Equation | SLE X ARO (Single Loss Expectancy X Annual Rate of Occurrence) |
| Change Management | discipline that guides how we prepare, equip, and support individuals to successfully adopt change |
| Incident Response Plans include | details surrounding incident categorization, prep roles, responsibilities, reporting requirements, escalation procedures, details on cyber incident response teams & training exercises |
| Incident Response Process | 1. Preparation 2. Identification 3. Containment 4. Eradication 4. Recovery 5. Post- Incident |
| Order of volatility | order in which evidence should be collected from most vulnerable to least volatile (ram & swap files being most volitale) |
| Chain of Custody | ensures evidence is properly handled |
| DRP | Disaster Recovery Plan - includes backup restoration, security recovery methods |
| Differential Backup | Backup of all data altered since last full backup. |
| Incremental | includes data changed since last incremental backup |
| Preventive Control | computer login notification |
| Compensating controls | used when a business or technological constraint exists and an alternate is effective in the current security threat landscape |
Created by:
Pillsburycreative
Popular Standardized Tests sets