1-9 Flashcards

1
Q

Define Risk.

A

Uncertainty of outcome

2
Q

How do you assess risk?

A

By evaluating the combination of the likelihood of something happening and the impact if it does happen (likelihood + impact).

3
Q

What is risk volatility?

A

Describes the extent to which the level of risk is likely to change over time.

4
Q

What is risk velocity?

A

Risk velocity is how fast an exposure can impact an organization.

5
Q

What is cascading risk?

A

Cascading risk is the principle that risks are linked and failing to address one can cause a chain reaction. Three categories: parallel risk, serial risk, and mixed (a combination of parallel and serial).

6
Q

What is risk appetite?

A

Level of risk that an organization is comfortable engaging in. Determined by BoD. Categories include strategic, reputational, operational, financial, compliance, legal, and resilience.

7
Q

What is risk tolerance?

A

Acceptable variation in outcomes based on a specific performance measure. Acceptable deviation from risk appetite!

8
Q

What are the four processes in a risk assessment?

A

Identification, Analysis (likelihood, impact, and level), Evaluation (analysis comparison with appetite and tolerance), and Response.

9
Q

Name some risk assessment frameworks.

A

NIST RMF (Risk Management Framework), NIST SP800-30 (Risk assessments), ISO 31000, OCTAVE (Operationally Critical Threat, Asset, and Vuln Assessment), and COBIT 2019.

10
Q

What is a risk analysis and its outcome?

A

Process by which likelihood, impact, and level of risk are determined. The outcome includes inherent and residual risks.

11
Q

AV (in risk analysis)?

A

Asset Value

12
Q

EF?

A

Exposure Factor

13
Q

SLE?

A

Single Loss Expectancy.

14
Q

ARO?

A

Annualized rate of occurrence

15
Q

ALE?

A

Annualized loss expectancy

16
Q

How is SLE calculated?

A

AV * EF

17
Q

How is ALE calculated?

A

SLE * ARO

18
Q

What is risk response?

A

Responsibility to determine how to respond to the outcome of a risk analysis.

19
Q

What are the four risk treatment options?

A

Avoid/terminate, transfer, mitigate, or accept.

20
Q

What is risk transfer?

A

Usually accomplished by insurance. Used when likelihood is low but impact is high.

21
Q

What is risk mitigation?

A

Reduction of risk by implementing controls, countermeasures, or process changes.

22
Q

What is a risk exception vs. a risk exemption?

A

An exception acknowledges an identified risk but approves it temporarily or permanently. An exemption does not address the risk at all, deeming the chance too low or the expense/effort to mitigate too high.

23
Q

What are the control classifications?

A

Deterrent, Preventative, Detective, Corrective, Compensating