Learning Unit 9: Security Risk Reviews
Across
- 2. _____________ refer to the specialized knowledge and expertise needed to accomplish complex actions, tasks, and processes relating to computational and physical technology as well as a diverse group of other enterprises.
- 4. Through _____________, our goal is to understand how well the current security program operates within the technical architecture.
- 7. As an ________________ consultant, one of the most important jobs I do is to conduct an information security gap analysis.
- 8. These controls are used to manage the organization’s information security and compliance efforts and to address the people part of security. These types of controls include things like policies, standards, procedures, and training. These are not exciting, but are absolutely critical to good information security and compliance management.
- 10. Typically the controls that you can touch. These controls are designed to manage physical access to information and include things like door locks, alarm systems, and camera surveillance. It really doesn’t matter how good your antivirus software is if someone can easily steal your server.
- 11. _____________ is a collaborative process used to identify security-related issues, determine the level of risk associated with those issues, and make informed decisions about risk mitigation or acceptance.
Down
- 1. This is the IT part of security. Notice how the IT part of security is only one part of security and not all parts of security? Technical controls are what most people think of when they think of information security. These controls include things like firewalls, antivirus software, passwords, and permissions.
- 3. _____________ is keeping information secret—only allowing authorized disclosure. The opposite of confidentiality is disclosure.
- 5. _____________ should be a planned part of the risk management process and involve regular checking or surveillance. The results should be recorded and reported externally and internally, as appropriate. The results should also be an input to the review and continuous improvement of the firm's risk management framework.
- 6. _____________ was founded in 1901 and is now part of the U.S. Department of Commerce. _____________ is one of the nation's oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness at the time — a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany and other economic rivals.
- 9. _____________ is ensuring that information is accurate. Accurate information is critical to us in making sound decisions. The opposite of integrity is (unauthorized) alteration.