____________________ is the process of identifying risk, as represented by vulnerabilities, to an organization's information assets and infrastructure, and taking steps to reduce this risk to an acceptable level.
Risk management
____________________ include information and the systems that use, store, and transmit information.
assets
Using the simplified information classification scheme outlined in the text, all information that has been approved by management for public release has a(n) ____________________ classification.
External
A(n) ____________________ policy requires that employees secure all information in appropriate storage containers at the end of each day.
Clean Desk
____________________ is the process of assigning financial value or worth to each information asset.
Asset Valuation
You can determine the relative risk for each of the organization's information assets by a process called risk ____________________.
assessment
____________________ is the probability that a specific vulnerability within an organization's assets will be successfully attacked.
Likelihood
The combination of an asset's value and the percentage of the asset that might be lost in an attack is known as the ____________________.
Loss magnitude
The ____________________ control strategy is the risk control strategy that attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.
defense
The ____________________ control strategy attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation.
mitigation
Of the three types of mitigation plans, the ____________________ plan is the most strategic and long term, as it focuses on the steps to ensure the continuation of the organization.
Business Continuity
Cost ____________________ is the process of preventing the financial impact of an incident by implementing a control.
Avoidance
A single loss ____________________ is the calculation of the value associated with the most likely loss from an attack.
expectancy
____________________ is the process of comparing other organizations' activities against the practices used in one's own organization to produce results it would like to duplicate.
Benchmarking
The difference between an organization's observed and desired performance is often referred to as a ____________________.
performance gap
Risk _______ is a determination of the extent to which an organization's information assets are exposed to risk.
assessment
Risk ________ is the enumeration and documentation of risks.
identification
Risk ______ defines the quantity and nature of risk that organizations are willing to accept.
appetite
________ risk is the amount of risk remaining after controls are applied.
Residual
__________ is an evaluation of the threats to information assets.
Threat assessment
If your industry was typically targeted by hackers three times a year, the likelihood would be _______ percent.
300
Creating a/n ______ of information assets is a critical step in understanding what the organization is protecting.
inventory
A/n ________ analysis is an economic feasibility study.
cost-benefit
The _____ control attempts to shift residual risk.
transfer
The ______ control is the decision to do nothing about residual risk.
acceptance