J. Risks Objectives Flashcards Preview

CISM: 1- Information Security Governance > J. Risks Objectives > Flashcards

Flashcards in J. Risks Objectives Deck (14)
1
Q

What a strategy describes

A

How goals and objectives are to be met.

2
Q

What inputs to consider before developing objectives

A

Risk assessments and Threat assessments.

3
Q

Why a risk assessment

A

To reveal risks present in the organization.

4
Q

Result of risk assessment

A

Provides a strategist with valuable information on the types of resources required to bring risks down to an acceptable level.

5
Q

Why perform a threat assessment

A

To better understand relevant threats.

6
Q

Result of threat assessment

A

Gives the strategist information about the types of threats most likely to have an impact on the organization, regardless of the effectiveness of controls.

7
Q

Why a threat assessment provides an additional perspective on risk

A

Because a threat assessment focuses on external threats and threat scenarios, regardless of the presence or effectiveness of preventive or detective controls.

8
Q

Security policy

A

Is thought of as an organization’s internal laws and regulations with regard to the protection of important assets.

9
Q

Security Standards

A

Describes in detail the methods, techniques, technologies, specifications, brands, and configurations to be used throughout the organization.

10
Q

Guidelines

A

Provides more details on how to adhere to policies.

11
Q

Organization’s architecture

A

Documentation of systems, networks, data flows and other aspects of its environments.

12
Q

Technical debt

A

Poor design and outdated and unsupported components

13
Q

When is technical debt accumulated

A

When organizations lack personnel capable of creating good architectural designs and also when an organization fails to upgrade end-of-life components.

14
Q

Last Page

A

81 - Control