Risk Management

30 Terms

1

First Step to Risk Assessment

Identify all potential risks

2

Potential Risk That Can't Be Checked by a Vuln Scan

Untrained end users

3

Intrusive Test

Actively interacts with the system

4

Non-Intrusive Testing

Passively identifies vulnerabilities, does not exploit them.

5

Packet Sniffing

Monitoring and capturing the data in packets as they travel across a network. Sniffing tools are also known to be advertised for spying on users.

6

Password Cracker

Uses methods such as brute force or rainbow tables.

7

Honey Pot

A trap system deliberately set up to be attacked/exploited by hackers so that the attacks can be analyzed and data collected from them.

8

WHOIS

A resource to find domain names, IP addresses, etc.

9

Risk Management

The process of identifying, analyzing, and mitigating (monitoring/responding) threats to a system or digital assets

10

Race Condition

A situation where the outcome depends on the proper sequence of multiple operations.

11

System Sprawl

A hasty expansion of systems where the growth exceeds documentation.

12

Buffer Overflow

A situation where more data is written than a buffer can hold, which may cause data corruption.

13

End-Of-Life

Hardware/Software that is no longer being updated or supported by the company. Not a programming error.

14

Input Handling

The process of validating data received from users or other sources; prevents attacks such as SQL injection and XSS (cross-site scripting).

15

Integer Overflow

A software error where the result of a calculation exceeds the maximum value the variable can hold.

16

Error Handling

Managing errors in code so that attackers cannot exploit them.

17

Risk Mitigation

Risk response involving taking steps to reduce risk

18

Risk Transfer

Having a third party share the responsibility for a risk.

19

SLE

Single Loss Expectancy

Formula: Asset Value (AV) multiplied by Exposure Factor (EF)

20

ARO

Annualized Rate of Occurrence

Formula: # of Incidents divided by # of Years

21

ALE

Annual Loss Expectancy

Formula: Single Loss Expectancy (SLE) multiplied by Annualized Rate of Occurrence (ARO)

22

Risk Acceptance

Understanding the risks and agreeing to live with the consequences.

23

Three Types of Threats

External, Internal, Natural

24

Active Reconnaissance

Uses techniques such as port scans, traceroute information, and network mapping. Direct and intrusive.

25

Pivot

A technique used to move through a network by using a compromised system

26

Passive Reconnaissance

Uses techniques such as social media, news reports, dumpster diving, and company websites. Indirect and difficult to detect.

27

Initial Exploitation

Attacks that leverage vulnerabilities to gain access to a system; drive-by compromise, phishing, and brute force are all techniques.

28

Escalation of Privileges

A technique used to navigate deeper into a network and gain higher-level access.

29

Chaos Engineering

An intentional, controlled set of failures introduced to understand their impact and plan better for it. Basically destroying the system for the greater good.

30

Vulnerability Scan

Automated tools that identify security weaknesses or vulnerabilities