Fitsi Manager Federal It Security Institute Already Passed

Security category of an information type format {Ans: SC information type = {(confidentiality, impact), (integrity, impact), (availability, impact)}, where the acceptable values for potential impact are LOW, MODERATE, HIGH, or NOT APPLICABLE i.e., SC public information = {(confidentiality, NA), (integrity, MODERATE), (availability, MODERATE)}}SP800-30 Risk Assessment Tasks {Ans: SP800-30 SUMMARY OF RISK ASSESSMENT TASKS Step 1: Prepare for Risk Assessment Step 2: Conduct Risk Assessment Step 3: Communicate and Share Risk Assessment Results Step 4: Maintain Risk Assessment Step 1: Prepare for Risk Assessment IDENTIFY PURPOSE Section 3.1 Identify the purpose of the risk assessment in terms of the information that the assessment is intended to produce and the decisions the assessment is intended to support. IDENTIFY SCOPE Section 3.1 Identify the scope of the risk assessment in terms of organizational applicability, time frame supported, and architectural/technology considerations. IDENTIFY ASSUMPTIONS AND CONSTRAINTS Section 3.1 Identify the specific assumptions and constraints under which the risk assessment is conducted. IDENTIFY INFORMATION SOURCES Section 3.1 Identify the sources of descriptive, threat, vulnerability, and impact information to be used in the risk assessment. IDENTIFY RISK MODEL AND ANALYTIC APPROACH Section 3.1 Identify the risk model and analytic approach to be used in the