level: Ch 1: Managing Risk/Ch 2: Monitoring & Diagnosing Networks Terms

Questions and Answers List

Managing Risk - Vocab

Question | Answer
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and internet access. | acceptable use policy/rules of behavior
A calculation used to identify risks and calculate the expected loss each year. | annual loss expectancy (ALE)
A calculation of how often a threat will occur. | annualized rate of occurrence (ARO)
The assessed value of an item (server, property, and so on) associated with cash flow. | asset value (AV)
A study of the possible impact if disruption to a business's vital resources were to occur. | business impact analysis (BIA)
An agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses. | business partners agreement
The potential percentage of loss to an asset if a threat is realized. | exposure factor (EF)
An agreement intended to minimize security risks and ensure the confidentiality, integrity, and availability of the sensitive but unclassified information of a federal agency (Organization A) as well as the information that is owned by an external organization (Organization B) that has a network interconnection with Organization A. | interconnection security agreement (ISA)
The maximum period of time that a business process can be down before the survival of the organization is at risk. | maximum tolerable downtime (MTD)
The measurement of the anticipated lifetime of a system or component. | mean time between failures (MTBF)
The measurement of the average of how long it takes a system or component to fail. | mean time to failure (MTTF)
The measurement of how long it takes to repair a system or component once a failure occurs. | mean time to restore (MTTR)
(MOU term used mostly) A document between 2 or more parties defining their responsibilities in accomplishing a particular goal or mission. | memorandum of understanding (MOU)/memorandum of agreement (MOA)
The age of files that must be recovered from backup storage for normal operations to resume if a computer, system, or network goes down as a result of a hardware, program, or communications failure. | recovery point objective (RPO)
The maximum amount of time that a process or service is allowed to be down and the consequences still be considered acceptable. | recovery time objective (RTO)
A configuration of multiple hard disks used to provide fault tolerance should a disk fail. Different levels of RAID exist. | redundant array of independent disks (RAID)
The probability that a particular threat will occur, either accidentally or intentionally, leaving a system vulnerable and the impact of this occurring. | risk
A strategy of dealing with risk in which it is decided the best approach is simply to accept the consequences should the threat happen. | risk acceptance
An evaluation of each risk that could be identified. Each risk should be outlined, described, and evaluated on the likelihood of its occurring. | risk analysis
An evaluation of the possibility of a threat or vulnerability existing. An assessment must be performed before any other actions can be decided (e.g., how much to spend on security in terms of dollars and manpower). | risk assessment
A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk. | risk avoidance
The process of calculating the risks that exist in terms of cost, number, frequency, and so forth. | risk calculation
A strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk. | risk deterrence
A strategy of dealing with risk in which it is decided that the best approach is to lessen the risk. | risk mitigation
A strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk through insurance, third-party contracts, and/or shared responsibility. | risk transference
An agreement that specifies performance requirements for a vendor. This agreement may use mean time before failure (MTBF) and mean time to repair (MTTR) as performance measures in the SLA. | service-level agreement (SLA)
The cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack. | single loss expectancy (SLE)
A single weakness that is capable of bringing an entire system down. | single point of failure (SPOF)
A flaw or weakness in some part of a system's security procedures, design, implementation, or internal controls that could expose it to danger (accidental or intentional) and result in a violation of the security policy. | vulnerability