Standard Operating Procedures (SOPs)
specific sets of written instructions about how to perform a certain aspect of a task
Interoperability Agreements
Legal Documents that need to be put in place before you engage services or interact with 3rd parties
Service Level Agreement (SLA)
formal contract between customers and their service providers that defines the specific responsibilities of the service provider and the level of service expected by the customer
Business Partners Agreement (BPA)
An agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses.
Interconnection Security Agreement (ISA)
An agreement between parties to establish procedures for mutual cooperation and coordination between them with respect to security requirements associated with their joint project.
Memorandum of Understanding (MOU)
An agreement between two or more parties to enable them to work together that is not legally enforceable but is more formal than an unwritten agreement.
Memorandum of Agreement (MOA)
General areas of conditional agreement between two or more parties
Documents the exchange of services
Business Policies
statements of purpose that define the way a business goes about achieving its goals. A successful set of policies sets limits to business activity and encourages initiative.
Separation of Duties
The practice of requiring that processes should be divided between two or more individuals.
Clean Desk Policy
An organizational policy that specifies employees must inspect their work areas and ensure that all classified information, documents, and materials are secured at the end of every work day.
Background Checks
procedures used to verify the truthfulness and accuracy of information that applicants provide about themselves and to uncover negative, job-related background information not provided by applicants
Adverse Action
an action taken against an applicant, such as turning the applicant down for the job
Non-Disclosure Agreement (NDA)
a legal contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes but wish to restrict access to or by third parties
Acceptable Use Policy (AUP)
Requires a user to agree to follow it to be provided access to corporate email, information systems, and the Internet
Exit Interview
A meeting of a departing employee with the employee's supervisor and/or a human resource specialist to discuss the employee's reasons for leaving.
Data Owner
The individual(s), normally a manager or director, who has responsibility for the integrity, accurate reporting and use of computerized data
System Administrator
a person in charge of managing and maintaining a computer system or telecommunication system (as for a business or institution)
System Owner
Person or organization having responsibility for the development, procurement, integration, modification, operation and maintenance, and/or final disposition of an information system.
User
Application user that has the least privileged access to the application and data
Privileged User
A user who has special security and access to a system, such as the right to assign passwords
Executive User
A user who is responsible for the overall operation of the application and makes high-level decisions in accordance with the goals and future directions of the company
Social Media Policies
Employees who use social media in a way that violates their employer's stated policies may be disciplined or fired from their jobs.
Mean Time To Restore (MTTR)
The average time needed to reestablish services to their former state.
Mean Time To Failure (MTTF)
The average amount of time a device is expected to operate before encountering a failure.
Mean Time Between Failures (MTBF)
A statistical value that is the average time until a component fails, cannot be repaired, and must be replaced.
Recovery Time Objective (RTO)
the maximum tolerable time to restore an organization's information system following a disaster, representing the length of time that the organization is willing to attempt to function without its information system
Recovery Point Objective (RPO)
the amount of data the organization is willing to reenter or potentially lose
Mission-Essential Functions
Operations that are core to the success of the business
Impact Analysis
The assessment of change to the layers of development documentation, test documentation and components, in order to implement a given change to specified requirements.
Privacy Threshold Analysis
An analysis that determines and identifies if any business processes are privacy sensitive and thus determines if a privacy impact assessment is required
Privacy Impact Assessment (PIA)
An assessment that determines the impact on the privacy of the individuals whose data is being stored, and ensures that the organization has sufficient security controls applied to be within compliance of applicable laws or standards.
Annualized Rate of Occurrence (ARO)
An estimate of how often a threat will be successful in exploiting a vulnerability over the period of a year.
Single Loss Expectancy (SLE)
The expected monetary loss every time a risk occurs.
Annual Loss Expectancy (ALE)
A calculation used to identify risks and calculate the expected loss each year.
ARO x SLE
Risk Register
A document in which the results of risk analysis and risk response planning are recorded.
Supply Chain Assessment
An assessment of the processes by which organizations receive necessary goods and services from third parties.
Quantitative Risk Analysis
A complex analysis technique that uses a mathematical approach to numerically analyze the probability and impact of risk events.
Qualitative Risk Analysis
An examination and prioritization of the risks based on their probability of occurring and the impact on the project if they do occur. Qualitative risk analysis guides the risk reaction process.
Quantitative Risk Assessment
An assessment that measures risk by using exact monetary values.
Qualitative Risk Assessment
An assessment that assigns numeric values to the probability of a risk and the impact it can have on the system or network.
Business Impact Analysis (BIA)
An analysis of the most important mission-critical business functions, which identifies and quantifies the impact such a loss of the functions may have on the organization in terms of its operational and financial position.
Risk-Avoidance
A risk response strategy whereby the project team acts to eliminate the threat or protect the project from its impact.
Transference
A risk response strategy whereby the company purchases insurance from a 3rd party vendor as a means to mitigate any risk to the whole company
Acceptance
A risk response strategy where you accept all risk as a business decision
Mitigation
the action of reducing the severity, seriousness, or impact of a vulnerability on a system
Change Management Process
the sequence of steps that a manager would follow for the successful implementation and adoption of change
Security Incident
A specific instance of a risk event occurring, whether or not it causes damage.
Incident Categories
1. External/Removable Media
- Attack used removable media
2. Attrition
- A brute-force attack
3. Web
- Attack executed from a web site or web-based application
4. Email
- Attack executed from an email message or attachment
5. Improper Usage
- Attack resulted from a violation of the Acceptable Use Policy
6. Loss or theft of equipment
7. Other
Incident Response Team
The team that manages and executes the IR plan by detecting, evaluating, and responding to incidents.
Incident Notification
Contact List of people whom you will reach out to based on a specific incident
Cyber-Incident Response Team
A group responsible for receiving, reviewing, and responding to security incidents.
Order of Volatility
The sequence of volatile data that must be preserved in a computer forensic investigation
Chain of Custody
a written record of all people who have had possession of an item of evidence
Legal Hold
A court order to preserve data for the purposes of an investigation. Upon receipt of a legal hold notification, a company is required to activate a defensible policy for the preservation of the data.
Capture System Image
Having an exact duplicate of the contents of a disk by using software imaging tools
Traffic Logs
Reports produced from software on your web server or provided by the company hosting your web site that tell you the domain of your visitors and their referring pages
Capture Video
Using a video camera to clearly document the entire process of a forensics investigation
Recording Time Offsets
Recording and knowing the time zone differences of the operating system
Take Hashes
Taken prior to imaging. Taken again on the resultant image file to confirm they are both identical.
MD5, SHA1, SHA256, or SHA512.
If one letter in an entire dictionary is changed, the hash would be different.
Cyclical Redundancy Check (CRC)
A method to ensure data has not been altered after being sent through a communication channel
Strategic Intelligence
information about the changing nature of certain problems and threats for the purpose of developing response strategies and reallocating resources
Cold Site
A separate facility that does not have any computer equipment, but is a place where employees can move after a disaster
Warm Site
A remote site that contains computer equipment but does not have active Internet or telecommunication facilities, and does not have backups of data.
Hot Site
A separate and fully equipped facility where the company can move immediately after a disaster and resume business
Order of Restoration
The sequence in which different systems are reinstated or have a higher priority of recovery
Archive Attribute
Attribute of a file that shows whether the file has been backed up since the last change. Each time a file is opened, changed, or saved, the archive bit is turned on. Some types of backups turn off this archive bit to indicate that a good backup of the file exists on tape.
Full Backup
a backup that copies all data to the archive medium
Incremental Backup
Backup that copies only the changed data since the last backup
Differential Backup
A type of partial backup that involves copying all changes made since the last full backup. Thus, each new differential backup file contains the cumulative effects of all activity since the last full backup.
Off-site Backup
an additional copy of the backup files stored in an off-site location either physically or electronically
Data Sovereignty
A term that refers to the legal implications of data stored in different countries. It is primarily a concern related to backups stored in alternate locations via the cloud.
Tabletop Exercise
Exercises that simulate an emergency situation but in an informal and stress-free environment
After-Action Report
retrospective analysis used to evaluate emergency response drills
Failover
a specific type of fault tolerance, occurs when a redundant storage server offers an exact replica of the real-time data, and if the primary server crashes, the users are automatically directed to the secondary server or backup server
Technical Control Types
Using systems and software within the infrastructure to limit the impact of, or prevent, a security event
Administrative Control Types
controls that determine how people act such as Security Policies and Standard Operating Procedures
Physical Control Types
controls that physically separate people from the systems
Deterrent security control
Used to dissuade or deter attacks
Preventive security control
controls that take preventive measures to ensure events or incidents do not occur
Detective Security Control
Used to monitor and/or send alerts about activity
Compensating Security Controls
controls that allow you to restore systems back to operational status
Corrective security controls
controls that are designed to mitigate damage done to a system
Personally Identifiable Information (PII)
any data that can be used to identify, locate, or contact an individual
Protected Health Information (PHI)
Individually identifiable health information that is transmitted or maintained by electronic media.
Data Steward
responsible for ensuring the policies and procedures are implemented across the organization and acts as a liaison between the MIS department and the business
Data Custodian
responsible for storage, maintenance, and protection of information
Privacy Officer
a person designated to ensure compliance with privacy standards for a covered entity
Data Retention
Refers to the policies that govern data and records management for meeting internal, legal and regulatory data archival requirements.
Archive Bit
a bit used to determine whether or not a file has been altered