
CCISO Certified Chief Information Security Officer All-in-One Exam Guide

Two frequently used quantitative methods are Single Loss Expectancy and Annualized Loss Expectancy.
Jordan Genung • CCISO Certified Chief Information Security Officer All-in-One Exam Guide
Phishing: Obtaining sensitive information by disguising oneself as a trusted entity, usually via e-mail.
Qualitative Methods: Qualitative methods do not use dollar amounts (although they may still involve calculations). Qualitative analysis may be as simple as an executive saying “System X is really important to us, so I designate it as high risk,” or it may be a highly complex analysis with many variables.
Understand acceptable risk level
Figure 1-6 Risk management includes choosing the appropriate controls and achieving the right balance of security versus cost.
Countermeasure: A control that is put in place to mitigate a risk. Controls include the use of access control lists, deployment of firewalls, enforcement of strong passwords, and the use of encryption.