Domain 1: Security and Privacy Governance, Risk Management, and Compliance Program Test with Answers

Typology: Exams

2025/2026

Available from 03/23/2026

KattyJennifer-1

Authenticity - - The property of being genuine and able to be verified and trusted; confidence in the validity of a transmission, a message, or message originator. (Source: NIST SP 800-53 Rev 4; NIST SP 800-53A Rev 1; NIST SP 800-39.) Authenticity is assurance that a message does indeed come from the person who claims to have sent it.

Availability - - Ensuring timely and reliable access to and use of information.

Compliance - - Adherence to a mandate; both the actions demonstrating adherence and the tools, processes, and documentation used to demonstrate it.

Confidentiality - - Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

Data at rest - - Data that is in storage and is not currently being accessed or used.

Data in transit - - Data that is currently traveling from one system or device to another; also known as data in motion.

Data in use - - Data that is being processed, read, accessed, erased, or updated by a system.

Governance - - The process of how an organization is managed; usually includes all aspects of how decisions are made for that organization, such as the policies, roles, and procedures the organization uses to make those decisions.

Intangible asset - - An asset that has value but may not have a physical presence.

Integrity - - Guarding against improper information modification or destruction; includes ensuring information nonrepudiation and authenticity.

Nonrepudiation - - Protection against an individual falsely denying having performed a particular action. Nonrepudiation provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, or receiving a message.

Qualitative risk analysis - - A method for risk analysis that is based on the assignment of a descriptor such as low, medium, or high. (Source: NISTIR 8286)

Quantitative risk analysis - - A method for risk analysis where numerical values are assigned to both impact and likelihood based on statistical probabilities and monetarized valuation of loss or gain. (Source: NISTIR 8286)

Risk assessment - - The process of identifying and analyzing risks to organizational operations (e.g., mission, functions, image, or reputation), organizational assets, individuals, and other organizations. The analysis performed as part of risk management incorporates threat and vulnerability analyses and considers mitigations provided by security controls planned or in place.

Risk framing - - Risk framing includes the identification of risk assumptions and constraints (e.g., scoping) that are considered by the organization. It also includes the identification of risk tolerance for different types of risk, which is the amount of a type of risk that is tolerable or acceptable to an organization as the 'cost of doing business'.

Risk management - - The process of identifying, evaluating, and controlling threats, including all the phases of risk context (or frame), risk assessment, risk treatment, and risk monitoring.

Risk monitoring - - Maintaining ongoing awareness of an organization's risk environment, risk management program, and associated activities to support risk decisions.

Risk response - - Accepting, avoiding, mitigating, sharing, or transferring risk to organizational operations (e.g., mission, functions, image, or reputation), organizational assets, individuals, or third parties. (Source: NIST SP 800-

Risk tolerance - - The level of risk an entity is willing to assume to achieve a desired result. Risk threshold, risk appetite, and acceptable risk are also terms used synonymously with risk tolerance. Note, however, that NISTIR 8286 (the source cited above for the two analysis methods) treats appetite and tolerance as distinct: risk appetite is the types and amount of risk, at a broad level, that an organization is willing to accept in pursuit of its objectives, while risk tolerance is its readiness to bear the risk that remains after treatment.

Tangible asset - - An asset that has value and has a physical presence.