Random notes from week 2

Risk mitigation process


1. Assess the information architecture and the information technology architectures that support it
2. Assess the vulnerabilities and conduct threat modeling as necessary
3. Choose risk treatments and controls
4. Implement risk mitigation controls
5. Verify control implementation
6. Engage and train users as part of the control
7. Begin routine operations with new controls in place
8. Monitor and assess system security with new controls in place

Checking is part of conducting due diligence on what the plan asked us to achieve and how it asked us to
get it done. Planning is also the process of laying out the step-by-step path we need to take to go from
"where we are" to "where we want to be". Doing is the phase that encompasses everything it takes to
accomplish the plan. Acting is the phase that involves making decisions and taking corrective or amplifying
actions based on what the checking activities revealed.

Business Impact Analysis Objectives


A business impact analysis identifies and analyzes business processes and the effect of those
processes being out of commission. Its ultimate goal is to create recovery objectives that
dictate how to prioritize each of your business functions in the event of some kind of
disaster.

The OODA loop (Observe, Orient, Decide, Act) is a four-step approach to decision-making that focuses
on filtering available information, putting it in context and quickly making the most appropriate decision
while also understanding that changes can be made as more data becomes available. The OODA loop is
a way of thinking about the decision-making process. Here are the steps of John Boyd's OODA loop:

- Observe: Gather information about what is happening right now and what has been happening very recently.
- Orient: Remember what the organization's goals and objectives are.
- Decide: Make an educated guess as to what is going on and what needs to be done about it.
- Act: Take action on the decision that was made.

Which of the following is defined as the estimated cost to implement and operate the chosen risk
mitigation control? Safeguard value

What kind of information is part of an information risk assessment process? Lost revenues during the
downtime caused by the risk incident, including the time it takes to get things back to normal

Which of the following looks at your business procedures and how different risks can impact,
disrupt, or block your ability to run those procedures successfully and correctly? Process-based

Which of the following is a consolidated statement of how different risks could impact the
prioritized goals and objectives of an organization? BIA

Which of the following starts with the premise that all systems have an external boundary that
separates what the system owner, builder, and user own, control, or use, from what's not part of
the system? Threat modeling

An architecture assessment includes all of the following activities except for which one? Review
of software testing procedures and results.

All are the major steps described by the risk management framework for information and privacy
risk management except for which one? Mitigate

Which of the following is referred to as the maximum tolerable period of disruption? MAO

The maximum acceptable outage (MAO) is the maximum time that a business process or task
cannot be performed without causing intolerable disruption or damage to the business. It is also referred to
as the maximum tolerable outage (MTO), or the maximum tolerable period of disruption (MTPOD).

Which of the following is defined as the identification and selection of an event that may be of
significance in information security terms, either as a precursor or an indicator of a possible
attack? Incident of interest

All of the following are risk treatment controls except for which one? Functional

Which of the following choices for limiting or containing the damage from risks keeps an attack
from happening or contains it so that it cannot progress further into the target's systems? Prevent

Which of the following activities is part of information risk mitigation? Developing an information
classification policy and process