#8
Risk Management Goal - correct answer To maximize the output of the organization while minimizing the chance for unexpected outcomes
Confidentiality - correct answer Preventing unauthorized disclosure of information
Integrity - correct answer Ensure information is not modified or destroyed
Availability - correct answer Available when needed
Accountability - correct answer Ability to trace activities to responsible source
Vulnerability - correct answer weakness in an information system
Loss - correct answer Results in a compromise to business functions or assets that adversely affects the business
Data Breach - correct answer An event in which an individual's information is potentially put at risk
Data Breach Causes - correct answer Malicious or criminal attack, system glitch, or human error
Personally Identifiable Information (PII) - correct answer Any information about an individual maintained by an agency, including any information that can be used to distinguish or trace an individual's identity
Threat - correct answer Any activity that represents a possible danger
Risk Management Principles - correct answer • Governance framework is important
• Managing risks is everyone's responsibility
• Risk Management should be integrated into key business processes
• Establishing a risk appetite is key
• Planning fosters a culture of resilience
Inherent Cyber Risk - correct answer Risk without security controls in place
Residual Risk - correct answer The risk with cyber security controls in place
Aggregate Risk - correct answer Total or cumulative amount of exposure associated with a specified risk
Cyber Strategy - correct answer • Understand value of business digital assets
• Prioritize remediation resources based on impact to business assets & financial impacts
• Adequate cyber budget for people, processes and tools
• Consider cyber insurance
NIST CRMF (SP 800-37) - correct answer 1. Categorize Information systems
2. Identify and Tailor Security controls
3. Implement security controls
4. Assess Security controls
5. Authorize Information systems
6. Continuous monitoring
Measuring Threat - correct answer Evaluate the probability that a particular vulnerability will be exploited by a threat source
Unintentional Threats - correct answer 1. Environmental: weather, location, public health
2. Human errors
3. Accidents
4. Failures: equipment
Intentional Threats - correct answer 1. Greed
2. Espionage
3. Anger
4. Desire to damage
Exploit - correct answer The act of taking advantage of a vulnerability resulting in a compromise to the system, application or data
Active Attack - correct answer Attempt to alter system resources or affect their operation
Passive Attack - correct answer Attempt to learn or make use of information from the systems that does not affect system resources
Information Technology Domains - correct answer - User
- Workstation
- Networks (LAN & WAN)
- Remote Access
- Systems & Applications
Data Vulnerability Types - correct answer
In Transit - correct answer Data being electronically transmitted between systems
In Process - correct answer Protection of data as it is being used by a system or application