Question
1. Risk is defined as ---
2. (3) What is the difference between cyber security risk and any other risk?
3. (3) What is risk management?
4. (2) The goal of any risk response is to achieve a balance of ______________________ vs ___________________
5. (2) A loss occurs with _________________________________
6. (6) Explain a 4 by 5 probability and impact matrix.
7. (9) There are three pillars (key components) in cyber security risk; identify each pillar and define it.
8. (3) Define what a threat is and give one example.
9. (2) Which is not a component of risk management:
   Identifying risks
   Assessing risks
   Eliminating risks
   Prioritizing risks
10. (2) Which is not an accurate statement?
   A. You can reduce the impact of a threat
   B. You can reduce the potential for a threat to occur
   C. Threats can be eliminated
   D. Threats are always present
11. (4) Define what a vulnerability is and give one source of a vulnerability.
12. (2) Identity theft is not:
   Deliberate use of someone else's identity
   Fraud
   Electronically altering data
   Used for financial gain
13. (2) Which is not an example of an exploit mitigation?
   A. Version control
   B. Strong patch management
   C. Policies and procedures
   D. Incident response
14. (8) There are 4 risk response options; name them.
15. (3) What is residual risk?
16. (2) Define risk appetite.
17. (6) Define PII.
18. (2) Which is NOT a purpose of employee risk training?
   They can develop a mitigation
   They know how to recognize a risk
   They know how to respond to a possible risk
   All are purposes of a risk training program.
19. (2) Which is NOT PII?
   Driver's license number
   Computer IP address
   Social Security Number
   Towson ID number
20. (2) Which is not true about compliance?
   A. Compliance means you must comply with applicable laws
   B. You are expected to be aware of compliance regulations and their relevance
   C. Ignorance of the laws is no excuse
   D. A company can determine what they must comply with
21. (8) We discussed multiple compliance regulations: FISMA, HIPAA, GLBA, SOX, FERPA.
   Which is used to protect medical information? HIPAA
   Which is used to protect student information?
   T/F: GLBA is a subset of FISMA that TU must comply with.
   Who is required to comply with FISMA?
22. (2) Which is not true of the NIST Cyber Security Risk Management Framework (CRMF)?
   A. Cyber security is managed at multiple organizational levels
   B. Security is integrated into the system development life cycle
   C. Cyber security risks are identified on a quarterly basis
   D. The first stage requires a system inventory to be developed
23. (4) Risk mitigation starts with a strong asset inventory. Give 4 pieces of information that would be required in an asset inventory besides the system's name and acronym.
24. (2) Which factor below is not considered when determining mission criticality of a system?
   A. Vital to an organization
   B. If the system fails, the company cannot perform essential functions
   C. Monetary loss
   D. Legal and compliance requirements
25. (4) Calculate the FIPS 199 system categorization for a payroll system.
26. (2) What is the acronym (or name) of the federal organization that writes all federal cyber security and risk management standards, guidelines, and special publications?
27. (2) There are three types of information, public, proprietary and private; which one requires the most protection?
28. (3) What is a security control? Why would you use one?
29. (2) Where would you find the control for the policy and procedures for the Contingency Planning (CP) family?
30. (2) What control family would you use if you wanted to make sure only the people that needed the information could see it?
31. (2) What is the purpose of a system security plan?
32. (2) Why is continuous monitoring important?
Explanation / Answer
1. Risk is defined as being uncertain about deviation from the expected results/outcomes. It occurs in your area of vulnerability.
2. Cyber security risk refers to the various information assets that could be affected by a cyber attack (such as hardware, systems, laptops, customer data and intellectual property). It differs from any other risk in the way it affects the victim, and in its volume and severity.
3. Risk management refers to the identification of risks in advance, and the analysis, assessment, control and minimization of risks; that is, identification and then taking both proactive and reactive measures to curb/diminish the impact of the risk.
4. The goal of any risk response is to achieve a balance of threats vs opportunities.
5. A loss occurs when the amount of revenue generated from a business/sale is less than the amount spent on furnishing the same.
6. 4 by 5 probability and impact matrix:
The Risk Impact/Probability Chart is based on the principle that a risk has two primary dimensions:
The Probability and Impact Matrix is a tool for the project team to aid in prioritizing risks. It helps to determine which risks need detailed risk response plans by using the combination of probability and impact scores of individual risks and ranking/prioritizing them for easy handling of the risks.
If a particular risk has a moderate probability and the estimated impact of this risk is major, then you look into the respective row and column to identify the risk rating. For a moderate probability and major impact, the risk rating in the above matrix is "Medium". The colors are visual indications of the seriousness of the risks.
7. 3 pillars of cyber security risk:
8. A threat is a possible danger that might exploit a vulnerability to breach security and therefore cause possible harm. A threat can be either "intentional" or "accidental".
9. Eliminating risks
10. C. Threats can be eliminated
11. A vulnerability is a flaw in the measures you take to secure an asset. Vulnerabilities expose your organization's assets to harm. They exist in operating systems, applications or hardware you use. For example, if you do not run antivirus and antimalware software, your laptop or mobile device is vulnerable to infections.
12. Question unclear.