After risk assessment, your company plans to equip laptops used by sales representatives with FIPS 140-2 Level 3 compliant self-encrypting drives as a countermeasure to protect around 10% of confidential data stored on hard drives. You are analyzing the residual risk using a quantitative approach in another iteration of risk assessment after the risk treatment. Which of the following is the primary and direct factor subject to change due to the risk treatment? (Wentz QOTD)
A. Asset value
B. Exposure factor
C. Annual loss expectancy
D. Annualized rate of occurrence
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is __.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
- NIST FIPS PUB 140-3
- NIST FIPS PUB 140-2
- FIPS Standards for Self-Encrypting Drive Technology
- Seagate Enterprise Self-Encrypting Drives User Guide – Part 1
- Seagate Laptop Thin HDD ST500LM024
- Kingston Releases FIPS 140-2 Level 3 Encrypted USB Flash Drive with Management Ready Option
- SecureData SecureDrive BT FIPS 140-2 Level 3 Validated 256-Bit Hardware Encrypted External Portable Hard Drive USB 3.0 – Secure Wireless Unlock via Mobile App (1 TB)
在進行風險評鑑後，貴公司計劃為銷售代表使用的筆記本電腦配備符合 FIPS 140-2 三級(level 3)標準的自加密驅動器，作為保護存儲在硬盤驅動器上的大約 10% 機密數據的對策。 您正在風險處置後的另一個風險評鑑迭代中使用定量方法分析剩餘風險。 下列哪項是風險處置導致變化的主要和直接因素？ (Wentz QOTD)
A. 資產價值 (AV)
B. 暴露因子 (EF)
C. 年度損失預期 (ALE)
D. 年度發生率 (ARO)