CISSP Domain 1 Security & Risk Management Exam with accurate detailed answers

Acceptable Risk - ✔✔A suitable level of risk commensurate with the potential benefits of the organization's operations as determined by senior management.
Annual Rate of Occurrence (ARO) - ✔✔A quantitative risk analysis of the likelihood of a loss: number of incidents / number of years
Annualized Loss Expectancy (ALE) - ✔✔A quantitative risk analysis: (Single Loss Exposure) SLE x Annual Rate of Occurrence (ARO)
Auditing - ✔✔The tools, processes, and activities used to perform compliance reviews.
Availability - ✔✔Ensuring timely and reliable access to and use of information by authorized users.
Business Continuity (BC) - ✔✔Actions, processes, and tools for ensuring an organization can continue critical operations during a contingency.
Business Continuity and Disaster Recovery (BCDR) - ✔✔A term used to jointly describe business continuity and disaster recovery efforts.
Business Impact Analysis (BIA) - ✔✔A list of the organization's assets, annotated to reflect the criticality of each asset to the organization.
COBIT - ✔✔Guidelines designed for systems auditing.
Compliance - ✔✔Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation that are used in adherence.
Confidentiality - ✔✔Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.
Countermeasures/safeguards - ✔✔Defenses against threats.
Data Custodian - ✔✔The person/role within the organization who usually manages the data on a day-to-day basis on behalf of the data owner/controller.
Data Owner/Controller - ✔✔An entity that collects or creates PII.
Data Subject - ✔✔The individual human related to a set of personal data.
Disaster recovery (DR) - ✔✔Those tasks and activities required to bring an organization back from contingency operations and reinstate regular operations.
Due Care - ✔✔A legal concept pertaining to the duty owed by a provider to a customer.
Due Diligence - ✔✔Actions taken by a vendor to demonstrate/provide due care.
Evaluation and Assurance - ✔✔Verifying the risk solutions are still effective. Phase 3 of Risk Management.
Exposure - ✔✔Actual or anticipated damage from a threat.