CISSP Domain 1


16 Terms

1

Threat Agent

Entity that has the potential to cause damage to an asset

2

Threat

Any potential danger

3

Vulnerability

A weakness in an asset that could be exploited by a threat

4

Risk

Significant exposure to a threat or vulnerability

5

Exposure/Impact

Negative consequences to an asset if the risk is realized (Loss of life, reputational damage, downtime)

6

Countermeasures and Safeguards

Controls implemented to reduce threat agents, threats, and vulnerabilities and reduce the negative impact of a risk being realized

7

Residual Risk

The risk that remains after countermeasures and safeguards (controls) are implemented

8

ALE = SLE × ARO, where SLE = AV × EF

Annualized Loss Expectancy (calculation): Single Loss Expectancy (Asset Value × Exposure Factor) multiplied by the Annualized Rate of Occurrence

9

Directive Control

Direct, confine, or control the actions of subjects to force or encourage compliance with security policies. An example is a fire exit sign.

10

Deterrent Control

Discourage violation of security policies. An example is a sign warning that a piece of land is private property and trespassers will be shot. Nothing prevents someone from walking past the sign, but it's a good deterrent.

11

Preventive Control

Prevent undesired actions or events. For example, a fence that prevents someone from walking onto private property, or not keeping flammable materials around, which prevents a fire from starting.

12

Detective Control

Designed to identify whether a risk has occurred. Importantly, this control operates after an event has already occurred.

13

Corrective Control

Used to minimize the negative impact of a risk occurring, i.e. minimizing the damage. They are used to alleviate the impact of an event that has resulted in a loss and to respond to incidents in a manner that will minimize risk.

14

Recovery Control

Designed to recover a system or process and return to normal operation following an incident. An example is a data backup policy allowing restoration of data on an affected server after an incident has taken place.

15

Compensating Control

Typically deployed in conjunction with other controls to aid in enforcement and support of the other controls. However, this control can also be used in place of another control to provide the needed security. An example is deploying a Host Intrusion Prevention System on a critical server, in addition to having a network Intrusion Protection System operating on that server's subnet. This way, if any offending traffic manages to slip by the NIPS tool, the HIPS on the server may still be able to prevent malware from damaging it.
