10: 1 Risk Analysis

Question 1

Risk Assessment

Answer 1

Identifying and triaging the risks facing an organization

Question 2

Threat

Answer 2

External force that jeopardizes security

Question 3

Threat vector

Answer 3

Method an actor uses to get to their target

Question 4

Vulnerability

Answer 4

Weakness in security controls

Question 5

Risk

Answer 5

Combination of vulnerability and a corresponding threat

Question 6

Factors that prioritize a risk

Answer 6

Likelihood and Impact

Question 7

Qualitativee Risk Assessment

Answer 7

Use subjective ratings to evaluate risk (Low, medium, high)

Question 8

Quantitative Risk Assessment

Answer 8

Uses objective numeric ratings to evaluate risk

Question 9

Quantitative Risk Assessment is performed on?

Answer 9

Single risk and asset pair

Question 10

AV

Answer 10

Asset value - the dollar value of an asset

Question 11

AV Techniques (3)

Answer 11

Original Cost Technique
Depreciated Cost Technique
Replacement Cost Technique

Question 12

EF

Answer 12

Exposure Factor- Expected percentage of damage to an asset (%)

Question 13

SLE

Answer 13

Single-Loss Expectancy - Expected dollar loss if a risk occurs one time

Question 14

Formula for SLE

Answer 14

SLE = AV * EF

Question 15

ARO

Answer 15

Annualized Rate of Occurrence- Number of times a risk is expected to occur each year

Question 16

ALE

Answer 16

Annualized Loss Expectancy - Expected dollar loss from a risk in any given year

Question 17

Formula for ALE

Answer 17

ALE = SLE * ARO

Question 18

MTTF

Answer 18

Mean Time to Failure - Average time a nonrepairable assets will last

Question 19

MTBF

Answer 19

Mean Time Between Failures - Average time between failures of a repairable asset

Question 20

MTTR

Answer 20

Meant Time to Repair - Average time required to return a repairable component to service

Question 21

Internal Risk

Answer 21

Arise from within the organization

Question 22

Address Internal Risks?

Answer 22

Using internal controls

Question 23

External Risk

Answer 23

Arise from outside the organization

Question 24

Address External Risks?

Answer 24

Using internal controls

Question 25

Multiparty Risks

Answer 25

Shared across many organizations (i.e. software as a service provider is compromised)

Question 26

Legacy Risks

Answer 26

Arise from unsupportable systems

Question 27

Software license compliance issues

Answer 27

Risk of fines and legal action

Question 28

Data Classification Policies

Answer 28

Assign information into categories that determine storage, handling, and access requirements

Question 29

Assign classification based upon

Answer 29

Sensitivity of Information, Criticality of Information

Question 30

Types of Sensitive Customer Information

Answer 30

PII, Financial Information, Healthcare Information (HIPAA)