Memorandum of understanding (not signed

Interconnection agreement - defines security controls especially when US fed Government are connecting to each other

SLA, BPA, MOU & ISA are types of these

interoperability agreements - help mitigate risk when dealing with third parties

Users that are responsible for creating or managing security policies

Executive users, data owners and system owners

Recovery Time Objective, target time you set for the recovery of your IT & Business activities after diaster

Mean Time Between Failure average time before a product requires a repair

Mean Time to Repair - average time it takes for a repair to take place, measured in hours

Mean tim To Failure - often referred to as "uptime" "time a system is online between outages or failures

Privacy Threshold Assessment

determines whether a system can contain personal information

Privacy Impact Assessment

needed for any organization that collects, uses, stores or processes such information

function of threat vulnerability and impact

Threat x Vulnerability x Impact

includes asset identification, risk assessment, threat identification, classification and identification of vulnerabilities

SLE X ARO (Single Loss Expectancy X Annual Rate of Occurrence)

discipline that guides how we prepare, equip, and support individuals to successfully adopt change

Incident Response Plans include

details surrounding incident categorization, prep roles, responsibilities, reporting requirements, escalation procedures, details on cyber incident response teams & training exercises

Incident Response Process

1. Preparation 2. Identification 3. Containment 4. Eradication 4. Recovery 5. Post- Incident

order in which evidence should be collected from most vulnerable to least volatile (ram & swap files being most volitale)

ensures evidence is properly handled

Disaster Recovery Plan - includes backup restoration, security recovery methods

Backup of all data altered since last full backup.

includes data changed since last incremental backup

Compensating controls

used when a business or technological constraint exists and an alternate is effective in the current security threat landscape

Help

Options

focusNode

Didn't know it?
click below

Knew it?
click below

Don't Know

Remaining cards (0)

Know

retry

shuffle

restart

0:00

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

Normal Size Small Size show me how

Security + CompTIA

Domain 5: Risk Management

Term	Definition
SLA	Service Level Agreement
BPA	Business Partner Agreement
MOU	Memorandum of understanding (not signed
ISA	Interconnection agreement - defines security controls especially when US fed Government are connecting to each other
SLA, BPA, MOU & ISA are types of these	interoperability agreements - help mitigate risk when dealing with third parties
Users that are responsible for creating or managing security policies	Executive users, data owners and system owners
RTO	Recovery Time Objective, target time you set for the recovery of your IT & Business activities after diaster
MTBF	Mean Time Between Failure average time before a product requires a repair
MTTR	Mean Time to Repair - average time it takes for a repair to take place, measured in hours
MTTF	Mean tim To Failure - often referred to as "uptime" "time a system is online between outages or failures
Privacy Threshold Assessment	determines whether a system can contain personal information
Privacy Impact Assessment	needed for any organization that collects, uses, stores or processes such information
Risk Assessment	function of threat vulnerability and impact
Risk = (equation)	Threat x Vulnerability x Impact
Risk Identification	includes asset identification, risk assessment, threat identification, classification and identification of vulnerabilities
ALE	Annualized Loss Expectancy
ALE Equation	SLE X ARO (Single Loss Expectancy X Annual Rate of Occurrence)
Change Management	discipline that guides how we prepare, equip, and support individuals to successfully adopt change
Incident Response Plans include	details surrounding incident categorization, prep roles, responsibilities, reporting requirements, escalation procedures, details on cyber incident response teams & training exercises
Incident Response Process	1. Preparation 2. Identification 3. Containment 4. Eradication 4. Recovery 5. Post- Incident
Order of volatility	order in which evidence should be collected from most vulnerable to least volatile (ram & swap files being most volitale)
Chain of Custody	ensures evidence is properly handled
DRP	Disaster Recovery Plan - includes backup restoration, security recovery methods
Differential Backup	Backup of all data altered since last full backup.
Incremental	includes data changed since last incremental backup
Preventive Control	computer login notification
Compensating controls	used when a business or technological constraint exists and an alternate is effective in the current security threat landscape

Created by: Pillsburycreative

Popular Standardized Tests sets

RID study materials for NIC written test

AICP Plan Making

AICP Exam 2011

study for exam

Review of Famous Planners for AICP Exam

Acronyms for NIC Written.

From APA Study Notes

National Interpreter Certification a few of the written test laws to know

AICP Legal Precedent, Historical Figures, Population Estimation Etc.

Study material for TExES 154 Supp. Certification

Chester Math Review

More vocab for NIC Written

"Know" box contains:
Time elapsed:
Retries: