1 The four types of access that may be granted to a database

1. The four types of access that may be granted to a database are ___, ___, ___, ___ (CRUD), and also represent the four types of security breaches that may occur in systems.

4. Application controls address the ___ of a failure.

5. Audit controls address the ___ of a failure (i.e., audit controls attempt to determine if the application controls are adequate).

8. Name a model used for assessing the security engineering aspects of the target organization.

10. A(n) ___ practice should be applied across the life cycle of the enterprise, and should not specify a particular method or tool.

1. What are the three essential components of risk management?

2. Risk assessment considers ___ to be a function of the likelihood of a given threat resulting in certain ___.

3. What essential Information Security Principles do the following interview questions address?

5. What is the potential business impact if the information were disclosed?

a. What are the effects on the organization if the information is not reliable?

b. To what extent can the system downtime be tolerated?

c. A weakness that can be accidentally triggered or intentionally exploited is called a ___.

8. The three essential components of risk management are ___, ___, and ___.

Solution

1)The four types of access that may be granted to a database are CREATE,READ,UPDATE,DELETE(CRUD),

4)Application controls address the prevention of a failure.

8) Name a model used for assessing the security engineering aspects of the target organization.

SSE-CMM architecture

10) A base practice should be applied across the life cycle of the enterprise, and should not specify a particular method or tool.

==========================================================

8. The three essential components of risk management are RISK ASSESSMENT, RISK MITIGATION, and

RISK EVALUATION

c.A weakness that can be accidentally triggered or intentionally exploited is called a Vulnerability