“step-by-step instructions designed to assist employees in following policies, standards, and guidelines” → Procedures,
The prioritized lists of assets and threats are combined into this kind of worksheet, which serves as a starting point for a risk assessment. → Threats-Vulnerabilities-Assets (TVA),
The process of implementing a formal program designed to continuously review and improve any type of organizational effort → Continuous improvement,
The process of assessing potential weaknesses in each information asset is known as: → Threat assessment,
A statement of the organization’s position that is intended to influence and determine decisions and actions and that is used to control the actions of people and the development of procedures → Policy,
These are designed to modify any employee behavior that endangers the security of the organization’s information. → Security awareness and security training,
A CompTIA security certification. → CASP,
A number that does not mean anything in absolute terms but gives a relative risk associated with each vulnerable information asset. → Risk rating,
The process of doing something about risk once the organization has identified risk, assessed it, evaluated it, and then determined that the current level of remaining risk is unacceptable. → Risk treatment,
A hybrid of a security technician and a security manager, with both technical knowledge and managerial skill. → Security administrator,
The people accountable for the day-to-day operations of the InfoSec program → Security managers