Chapter 1 Terms
Security+ SY0-501 7th Edition Terms (Chapter 1)
Question | Answer |
---|---|
acceptable use policy/rules of behavior | Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and Internet access. |
annual loss expectancy (ALE) | A calculation used to identify risks and calculate the expected loss each year. |
annualized rate of occurrence (ARO) | A calculation of how often a threat will occur. For example, a threat that occurs once every five years has an annualized rate of occurrence of 1/5, or 0.2. |
asset value (AV) | The assessed value of an item (server, property, and so on) associated with cash flow. |
business impact analysis (BIA) | A study of the possible impact if a disruption to a business’s vital resources were to occur. |
business partners agreement (BPA) | An agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses. |
exposure factor (EF) | The potential percentage of loss to an asset if a threat is realized. |
interconnection security agreement (ISA) | An agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. |
maximum tolerable downtime (MTD) | The maximum period of time that a business process can be down before the survival of the organization is at risk. |
mean time between failures (MTBF) | The measurement of the anticipated lifetime of a system or component. |
mean time to failure (MTTF) | The measurement of the average of how long it takes a system or component to fail. |
mean time to restore (MTTR) | The measurement of how long it takes to repair a system or component once a failure occurs. |
memorandum of understanding (MOU)/memorandum of agreement (MOA) | Most commonly known as an MOU rather than MOA, this is a document between two or more parties defining their respective responsibilities in accomplishing a particular goal or mission, such as securing a system. |
recovery point objective (RPO) | The point of last known good data prior to an outage that is used to recover systems. |
recovery time objective (RTO) | The maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable. |
Redundant Array of Independent Disks (RAID) | A configuration of multiple hard disks used to provide fault tolerance should a disk fail. Different levels of RAID exist. |
risk | The probability that a particular threat will occur, either accidentally or intentionally, leaving a system vulnerable, and the impact of this occurring. |
risk acceptance | A strategy of dealing with risk in which it is decided the best approach is simply to accept the consequences should the threat happen. |
risk analysis | An evaluation of each risk that can be identified. Each risk should be outlined, described, and evaluated on the likelihood of it occurring. |
risk assessment | An evaluation of the possibility of a threat or vulnerability existing. An assessment must be performed before any other actions—such as how much to spend on security in terms of dollars and manpower—can be decided. |
risk avoidance | A strategy of dealing with risk in which it is decided that the best approach is to avoid the risk. |
risk calculation | The process of calculating the risks that exist in terms of costs, number, frequency, and so forth. |
risk deterrence | A strategy of dealing with risk in which it is decided that the best approach is to discourage potential attackers from engaging in the behavior that leads to the risk. |
risk mitigation | A strategy of dealing with risk in which it is decided that the best approach is to lessen the risk. |
risk transference | A strategy of dealing with risk in which it is decided that the best approach is to offload some of the risk through insurance, third-party contracts, and/or shared responsibility. |
service-level agreement (SLA) | An agreement that specifies performance requirements for a vendor. This agreement may use mean time before failure (MTBF) and mean time to repair (MTTR) as performance measures in the SLA. |
single loss expectancy (SLE) | The cost of a single loss when it occurs. This loss can be a critical failure, or it can be the result of an attack. |
single point of failure (SPOF) | A single weakness that is capable of bringing an entire system down. |
vulnerability | A flaw or weakness in some part of a system’s security procedures, design, implementation, or internal controls that could expose it to danger (accidental or intentional) and result in a violation of the security policy. |