What are step-by-step instructions designed to assist employees in following policies, standards, and guidelines called?
Procedures
What is the name of the worksheet that combines prioritized lists of assets and threats as a starting point for a risk assessment?
Threats-Vulnerabilities-Assets (TVA)
What is the process of implementing a formal program to continuously review and improve organizational efforts known as?
Continuous improvement
What is the process of assessing potential weaknesses in each information asset referred to as?
Threat assessment
What is a statement of the organization's position that influences decisions and actions called?
Policy
What are designed to modify employee behavior that endangers the security of the organization's information?
Security awareness and security training
What does the acronym CASP stand for in the context of a CompTIA security certification?
CompTIA Advanced Security Practitioner
What is a number that provides a relative risk associated with each vulnerable information asset called?
Risk rating
What is the process of addressing risk after it has been identified, assessed, and deemed unacceptable?
Risk treatment
What role combines the skills of a security technician and a security manager?
Security administrator
Who are the individuals accountable for the day-to-day operations of the InfoSec program?
Security managers
What type of document outlines the guidelines and principles governing an organization’s actions?
Policy
Which process aims to improve the efficiency and effectiveness of an organization's efforts continuously?
Continuous improvement
What term refers to the evaluation of a company's vulnerabilities to threat incidents?
Threat assessment
What type of training aims to raise awareness about the security of information?
Security awareness and security training
What is the designation for a certification that validates an expert-level security skill set?
CASP
What system is used to prioritize and evaluate information security risk?
Threats-Vulnerabilities-Assets (TVA)
What is a security professional primarily responsible for designing and implementing security measures in an organization?
Security administrator
Which assessment is necessary to determine the acceptable level of risk for an organization?
Risk rating
What do security managers oversee within an information security program?
Day-to-day operations of the InfoSec program