4. Risk Analysis Flashcards

1
Q

Assessment Of Consequences

Input

A

A list of identified relevant incident scenarios, including identification of threats, vulnerabilities, affected assets, consequences to assets and business processes.

2
Q

Action

A

The business impact on the organization that can result from possible or actual information security incidents should be assessed, taking into account the consequences of a breach of information security such as loss of confidentiality, integrity or availability of the assets.

3
Q

Implementation guidance

A

After identifying all assets under review, values assigned to these assets should be taken into account while assessing the consequences.
A business impact concept is used to measure consequences. The business impact value can be expressed in qualitative and quantitative

4
Q

Output

A

A list of assessed consequences of an incident scenario expressed with respect to assets and impact criteria.

5
Q

Assessment Of Likelihood

Input

A

A list of identified relevant incident scenarios, including identification of threats, affected assets, exploited vulnerabilities and consequences to assets and business processes. Also, lists of all existing and planned controls, their effectiveness, implementation and usage status.

6
Q

Action

A

The likelihood of the incident scenarios should be assessed.

7
Q

Implementation guidance

A

After identifying the incident scenarios, it is necessary to assess the likelihood of each scenario and impact occurring, using qualitative or quantitative analysis techniques. This should take account of how often the threats occur and how easily the vulnerabilities can be exploited

8
Q

Output

A

Likelihood of incident scenarios (quantitative or qualitative).

9
Q

Level Of Risk Determination

Input

A

A list of incident scenarios with their consequences related to assets and business processes and their likelihood (quantitative or qualitative).

10
Q

Action

A

The level of risk should be determined for all relevant incident scenarios.

11
Q

Implementation guidance

A

Risk analysis assigns values to the likelihood and the consequences of a risk. These values can be quantitative or qualitative. Risk analysis is based on assessed consequences and likelihood.

Additionally, it can consider cost benefit, the concerns of stakeholders, and other variables, as appropriate for risk evaluation. The estimated risk is a combination of the likelihood of an incident scenario and its consequences.

12
Q

Output

A

A list of risks with value levels assigned.
