Compliance SEC+

The flashcards below were created by user anthonyrt2015 on FreezingBlue Flashcards.

  1. What are the control categories?
    • Preventive
    • Deterrent
    • Detective
    • Corrective
    • Recovery
    • Directive
    • Compensating
  2. Physical Security
    • Protection of computing facilities¬†
    • Physical protection for end-user systems:
    • Media access control and disposal procedures
    • Backup systems and provisions for offsite backup storage
  3. ____Dictates the security structure of an organization and establishes the goals of the security program
    Security Policy
  4. To be effective in a security policy
    • Planned
    • Implemented
    • Maintained
  5. _____is the reason for mandatory vactions
  6. Job rotations are good for____
    Fraud protection
  7. ____cover a clearly stated policy regarding privacy
    Privacy Policy
  8. Three measure for risk analysis are:
    • Likelihood
    • Annualized Loss Expectancy(ALE)
    • Impact
  9. What are the two major risk analysis types:
    Quantitative Analysis and Qualitative Analysis

    Hint: Quantitative(numbers) Qualitative(judgements)
  10. Steps in Quantitative Analysis Process
    Identify threats, threat vectors, vulnerabilities and impacts
  11. Types of Evidence
    • Best
    • Secondary¬†
    • Direct
    • Conclusive
    • Opinion
    • circumstantial
    • Hearsay
Card Set
Compliance SEC+
Show Answers