Official (ISC)² CISSP - Domain 1: Security and Risk Management, Question with answers, graded A+
Administrative Controls - ✔✔-Procedures implemented to define the roles, responsibilities, policies, and
administrative functions needed to manage the control environment.
Annualized Rate of Occurrence (ARO) - ✔✔-An estimate of how often a threat will be successful in
exploiting a vulnerability over the period of a year.
Arms Export Control Act of 1976 - ✔✔-Authorizes the President to designate those items that shall be
considered as defense articles and defense services and control their import and the export.
Availability - ✔✔-The principle that ensures that information is available and accessible to users when
needed.
Breach - ✔✔-An incident that results in the disclosure or potential exposure of data.
Compensating Controls - ✔✔-Controls that substitute for the loss of primary controls and mitigate risk
down to an acceptable level.
Compliance - ✔✔-Actions that ensure behavior that complies with established rules.
Confidentiality - ✔✔-Supports the principle of "least privilege" by providing that only authorized
individuals, processes, or systems should have access to information on a need-to-know basis.
Copyright - ✔✔-Covers the expression of ideas rather than the ideas themselves; it usually protects
artistic property such as writing, recordings, databases, and computer programs.
Corrective Controls - ✔✔-Controls implemented to remedy circumstance, mitigate damage, or restore
controls.
Data Disclosure - ✔✔-A breach for which it was confirmed that data was actually disclosed (not just
exposed) to an unauthorized party.
Detective Controls - ✔✔-Controls designed to signal a warning when a security control has been
breached.
Deterrent Controls - ✔✔-Controls designed to discourage people from violating security directives.
Directive Controls - ✔✔-Controls designed to specify acceptable rules of behavior within an
organization.
Due Care - ✔✔-The care a "reasonable person" would exercise under given circumstances.
Due Diligence - ✔✔-Is similar to due care with the exception that it is a pre-emptive measure made to
avoid harm to other persons or their property.
Enterprise Risk Management - ✔✔-A process designed to identify potential events that may affect the
entity, manage risk so it is within its risk appetite, and provide reasonable assurance regarding the
achievement of entity objectives.
Export Administration Act of 1979 - ✔✔-Authorized the President to regulate exports of civilian goods
and technologies that have military applications.
Governance - ✔✔-Ensures the business focuses on core activities, clarifies who in the organization has
the authority to make decisions, determines accountability for actions and responsibility for outcomes,
and addresses how expected performance will be evaluated.
Incident - ✔✔-A security event that compromises the confidentiality, integrity, or availability of an
information asset.