CISSP Domain 1 2017
Domain 1
42 cards
Other
Not Applicable
04/08/2017

Cards

Term
Procedures implemented to define the roles, responsibilities, policies, and administrative functions needed to manage the control environment.
Definition
Administrative Controls
Term
An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.
Definition
Annualized Rate of Occurrence (ARO)
Term
Authorizes the President to designate those items that shall be considered defense articles and defense services and to control their import and export.
Definition
Arms Export Control Act of 1976
Term
The principle that ensures that information is available and accessible to users when needed.
Definition
Availability
Term
An incident that results in the disclosure or potential exposure of data.
Definition
Breach
Term
Controls that substitute for the loss of primary controls and mitigate risk down to an acceptable level.
Definition
Compensating Controls
Term
Actions that ensure behavior that complies with established rules.
Definition
Compliance
Term
Supports the principle of "least privilege" by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know basis.
Definition
Confidentiality
Term
Covers the expression of ideas rather than the ideas themselves; it usually protects artistic property such as writing, recordings, databases, and computer programs.
Definition
Copyright
Term
Controls implemented to remedy circumstance, mitigate damage, or restore controls.
Definition
Corrective Controls
Term
A breach for which it was confirmed that data was actually disclosed (not just exposed) to an unauthorized party.
Definition
Data Disclosure
Term
Controls designed to signal a warning when a security control has been breached.
Definition
Detective Controls
Term
Controls designed to discourage people from violating security directives.
Definition
Deterrent Controls
Term
Controls designed to specify acceptable rules of behavior within an organization.
Definition
Directive Controls
Term
The care a "reasonable person" would exercise under given circumstances.
Definition
Due Care
Term
Is similar to due care with the exception that it is a pre-emptive measure made to avoid harm to other persons or their property.
Definition
Due Diligence
Term
A process designed to identify potential events that may affect the entity, manage risk so it is within its risk appetite, and provide reasonable assurance regarding the achievement of entity objectives.
Definition
Enterprise Risk Management
Term
Authorized the President to regulate exports of civilian goods and technologies that have military applications.
Definition
Export Administration Act of 1979
Term
Ensures the business focuses on core activities, clarifies who in the organization has the authority to make decisions, determines accountability for actions and responsibility for outcomes, and addresses how expected performance will be evaluated.
Definition
Governance
Term
A security event that compromises the confidentiality, integrity, or availability of an information asset.
Definition
Incident
Term
Comes in two forms: making sure that information is processed correctly and not modified by unauthorized persons, and protecting information as it transits a network.
Definition
Integrity
Term
Accountable for ensuring the protection of all of the business information assets from intentional and unintentional loss, disclosure, alteration, destruction, and unavailability.
Definition
Information Security Officer
Term
Granting users only the accesses that are required to perform their job functions.
Definition
Least Privilege
Term
Electronic hardware and software solutions implemented to control access to information and information networks.
Definition
Logical (Technical) Controls
Term
Protects novel, useful, and nonobvious inventions.
Definition
Patent
Term
Controls to protect the organization's people and physical environment, such as locks, fire management, gates, and guards; physical controls may be called "operational controls" in some contexts.
Definition
Physical Controls
Term
Controls implemented to prevent a security incident or information breach.
Definition
Preventive Controls
Term
Controls implemented to restore conditions to normal after a security incident.
Definition
Recovery Controls
Term
How quickly an application's information needs to be available again after downtime has occurred.
Definition
Recovery Time Objective (RTO)
Term
The point in time to which data must be restored in order to successfully resume processing.
Definition
Recovery Point Objective (RPO)
Term
1. A combination of the probability of an event and its consequence (ISO 27000). 2. An expectation of loss expressed as the probability that a particular threat will exploit a particular vulnerability with a particular harmful result (RFC 2828).
Definition
Risk
Term
The practice of accepting certain risk(s), typically based on a business decision that may also weigh the cost versus the benefit of dealing with the risk in another way.
Definition
Risk Acceptance
Term
The practice of coming up with alternatives so that the risk in question is not realized.
Definition
Risk Avoidance
Term
The practice of the elimination of or the significant decrease in the level of risk presented.
Definition
Risk Mitigation
Term
The practice of passing on the risk in question to another entity, such as an insurance company.
Definition
Risk Transfer
Term
A systematic process for identifying, analyzing, evaluating, remedying, and monitoring risk.
Definition
Risk Management
Term
Defined as the difference between the original value and the remaining value of an asset after a single exploit.
Definition
Single Loss Expectancy (SLE)
Term
Any single input to a process that, if missing, would cause the process or several processes to be unable to function.
Definition
Single Points of Failure (SPOF)
Term
Any word, name, symbol, color, sound, product shape, device, or combination of these that is used to identify goods and distinguish them from those made or sold by others.
Definition
Trademark
Term
Proprietary business or technical information, processes, designs, practices, etc., that are confidential and critical to the business.
Definition
Trade Secret
Term
Determines the potential impact of disruptive events on the organization's business processes.
Definition
Vulnerability Assessment
Term
Established to contribute to regional and international security and stability by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilizing accumulations.
Definition
Wassenaar Arrangement