276 PART 2 | Mitigating Risk

CHAPTER SUMMARY

This chapter covered important elements of risk mitigation throughout an organization. You implement controls to mitigate risk by reducing the impact of threats, or by reducing vulnerabilities. You can measure the effectiveness of the controls against those two requirements. They should be most effective at preventing risk for any critical business operations in your organization.

Legal compliance issues have grown very important in recent years for IT. More laws and regulations apply, and the cost for noncompliance can be expensive. It's important to take the time to identify relevant laws and guidelines. Regulations can have varying impacts on your organization, and you should consider them when implementing supporting controls.

KEY CONCEPTS AND TERMS

Critical business function (CBF)
Critical success factor (CSF)
Defense in depth
E-Rate funding
Maximum acceptable outage (MAO)
Proxy server
Return on investment (ROI)
Service level agreement (SLA)
Technology protection measure (TPM)

CHAPTER 10 ASSESSMENT

1. A ________ is used to identify the impact on an organization if a risk occurs.

2. MAO is the minimal acceptable outage that a system or service can have before affecting the mission.
   A. True
   B. False

3. Your organization wants to have an agreement with a vendor for an expected level of performance for a service. You want to ensure that monetary penalties are assessed if the minimum uptime requirements are not met. What should you use?
   A. MAO
   B. BIA
   C. SLA
   D. IDS