Open FAIR for The Open Group FAIR certification exam 2023 with complete solution
0 view 0 purchase
Course
Open FAIR
Institution
Open FAIR
Open FAIR for The Open Group FAIR certification exam 2023 with complete solution
Action
An act taken against an asset by a threat agent. This requires first that contact occurs between the asset and threat agent.
Asset
Anything that may be affected in a manner whereby its value is diminished ...
open fair for the open group fair certification exam 2023 with complete solution action an act taken against an asset by a threat agent this requires first that contact occurs between the asset and
Written for
Open FAIR
All documents for this subject (11)
Seller
Follow
magdamwikash23
Reviews received
Content preview
Open FAIR for The Open Group FAIR certification exam
2023 with complete solution
Action
An act taken against an asset by a threat agent. This requires first that contact occurs
between the asset and threat agent.
Asset
Anything that may be affected in a manner whereby its value is diminished or the act
introduces liability to the owner. Examples include systems, data, people, facilities,
cash, etc.
Broad Spectrum Risk Analysis
Any analysis that accounts for the risk from multiple threat communities against a single
asset.
Contact
Occurs when a threat agent establishes a physical or virtual (e.g., network) connection
to an asset.
Contact Frequency (CF)
The probable frequency, within a given timeframe, that a threat agent will come into
contact with an asset.
Control
Any person, policy, process, or technology that has the potential to reduce the Loss
Event Frequency (LEF) and/or Loss Magnitude (LM).
Control Strength (CS)
The strength of a control as compared to a standard measure of force.
FAIR
Factor Analysis of Information Risk
Loss Event
Occurs when a threat agent's action (threat event) is successful in negatively affecting
an asset.
Loss Event Frequency (LEF)
The probable frequency, within a given timeframe, that a threat agent will inflict harm
upon an asset.
Loss Magnitude (LM)
The probable magnitude of loss resulting from a loss event.
Multi-level Risk Analysis
Any analysis that accounts for the risk from a single threat community against a layered
set of assets (e.g., defense in depth).
Primary Stakeholder
The person or organization that owns the asset at risk. For example, The Open Group
would be the primary stakeholder in risk scenarios related to its assets.
Probability of Action (PoA)
The probability that a threat agent will act against an asset once contact occurs.
Probable Loss Magnitude (PLM)
The probable magnitude of loss resulting from a loss event.
Resistance Strength (RS)
, The strength of a control as compared to a baseline measure of force.
Risk
The probable frequency and probable magnitude of future loss.
Secondary Stakeholder
Individuals or organizations that may be affected by events that occur to assets outside
of their control. For example, consumers are secondary stakeholders in a scenario
where their personal private information may be inappropriately disclosed or stolen.
Threat
Anything that is capable of acting in a manner resulting in harm to an asset and/or
organization; for example, acts of God (weather, geological events, etc.), malicious
actors, errors, failures.
Threat Agent
Any agent (e.g., object, substance, human, etc.) that is capable of acting against an
asset in a manner that can result in harm.
Threat Capability (TCap)
The probable level of force that a threat agent is capable of applying against an asset.
Threat Community
A subset of the overall threat agent population that shares key characteristics.
Threat Event
Occurs when a threat agent acts against an asset.
Threat Event Frequency (TEF)
The probable frequency, within a given timeframe, that a threat agent will act against an
asset.
Vulnerability (Vuln)
The probability that a threat event will become a loss event.
What is the risk management stack?
Effective Management
is enabled by
Well-informed Decisions
are enabled by
Effective Comparisons
are enabled by
Meaningful Measurements
are possible due to an
Accurate Risk Model
All risk assessment approaches should include the following 5 attributes:
1. An effort to clearly identify and characterize the assets, threats, controls, and
impact/loss elements at play within the risk scenario being assessed.
2. An understanding of the organizational context for the analysis; i.e., what is at stake
from an organizational perspective, particularly with regard to the organization's
leadership perspective.
3. Measurement and/or estimation of the various risk factors.
4. Calculation of risk.
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller magdamwikash23. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $10.29. You're not tied to anything after your purchase.
