CHAPTER SUMMARY

This chapter covered many of the details that should be considered when turning a risk assessment into a risk mitigation plan. The starting point is to thoroughly review the countermeasures, a process that often includes matching threats with vulnerabilities and identifying all the costs associated with them, including any hidden costs. If the costs change, the cost-benefit analysis may need to be redone.

If much time has passed since the risk assessment was approved, the existence of the risk elements and the effectiveness of the countermeasures in mitigating the risks must be verified. Two key goals while executing the plan are to stay within budget and on schedule. Last, a follow-up should be done to ensure that the approved countermeasures are implemented and that they actually mitigate the risks as expected.

KEY CONCEPTS AND TERMS

CHAPTER 11 ASSESSMENT

  1. A(n) ________ countermeasure is one that has been approved and has a date for implementation.
  2. A single risk can be mitigated by more than one countermeasure.
    A. True
    B. False
  3. The formula for risk is Risk = ________.
  4. What would an account management policy include?
    A. Details on how to create accounts
    B. Details on when accounts should be disabled
    C. Password policy
    D. A and B only
    E. A, B, and C
  5. What could a password policy include?
    A. Length of password
    B. List of required passwords
    C. User profiles
    D. All of the above
  6. The ________ plan will include details on how and when to implement approved countermeasures.
  7. A countermeasure is being reviewed to be added to the mitigation plan. What costs should be considered?
    A. Initial purchase costs
    B. Facility costs
    C. Installation costs
    D. Training costs
    E. All of the above
  8. Which of the following items are considered facility costs for the implementation of a countermeasure?
    A. Installation and air-conditioning
    B. Installation and training
    C. Power and air-conditioning
    D. Power and training
  9. What’s a reasonable amount of time for an account management policy to be completed and approved?
    A. Twenty minutes
    B. One day
    C. One month
    D. One year
  10. What can be used to determine the priority of countermeasures?
    A. Cost-benefit analysis
    B. Threat likelihood/impact matrix
    C. Disaster recovery plan
    D. Best guess method
  11. A risk assessment was completed three months ago and has recently been approved. What should be done first to implement a mitigation plan?
    A. Verify risk elements
    B. Purchase countermeasures
    C. Redo risk assessment
    D. Redo the CBA
  12. Two possible countermeasures are being evaluated to mitigate a risk, but management wants to purchase only one. What can be used to determine which countermeasure provides the better cost benefits?
    A. Threat likelihood/impact matrix
    B. Threat score
    C. CBA
    D. CIA
  13. A cost-benefit analysis is being performed to determine whether a countermeasure should be used. Which of the following formulas should be applied?
    A. Loss before countermeasure – Loss after countermeasure
    B. Loss after countermeasure – Loss before countermeasure
    C. Projected benefits – Cost of countermeasure
    D. Cost of countermeasure – Projected benefits
  14. Of the following items, which one(s) should be included in a cost-benefit analysis report?
    A. Recommended countermeasure
    B. Risk to be mitigated
    C. Costs
    D. Annual projected benefits
    E. A and C only
    F. A, B, C, and D
  15. NIST 800-63 provides guidance on risk management strategies and policies.
    A. True
    B. False