4.1 - Describe the properties of a Security Case for a known system.

Question 1

How do OWASP define risk?

Answer 1

OWASP classifies it as Risk = Likelihood * Impact

Question 2

What is Risk Avoidance

Answer 2

Eliminate. - Informed decision not to be involved in, or to withdraw from, an
activity in order not to be exposed to a particular risk (ISO Guide 73)

Question 3

What is Risk acceptance

Answer 3

The business will accept the risk with its impact and probability since the risk could be small or unlikely.

Question 4

Name risk probabilities

Answer 4

very likely, likely and unlikely

Question 5

Risk Transference

Answer 5

This is transferring or sharing the risk with a third party

Question 6

What is risk? (as defined in ISO 27000)

Answer 6

Risk. The effect of uncertainty on objectives (ISO/IEC 27000)

Question 7

What is Risk Reduction

Answer 7

Action taken to lessen the probability, negative consequences, or
both, associated with risk (ISO 22300:2018) - Could also be refereed to as mitigation

Question 8

What is a security business case?

Answer 8

It can be used to justify reasoning behind a security decision/security solution being bought.

Question 9

What is important in a security business case

Answer 9

Well researched.

Question 10

What is the value of a security business case to a security professional?

Answer 10

Transfer responsibility to management.