5.2 IMPORTANT

Question 1

one-time risk assessment

Answer 1

part of a one-time project, buying new equipment etc..

Question 2

continous assessments

Answer 2

may be part of an existing process, (for change management for example)

Question 3

ad hoc assessments

Answer 3

performing a risk assessment for one specific purpose.

Question 4

recurring assessments

Answer 4

risk assessment on a standard schedule. can be internal or required by law

Question 5

qualitative risk assessment

Answer 5

identify significant risk factors.

Question 6

quantitative risk assessment

Answer 6

calculate a specific value.

Question 7

ARO

Answer 7

Annualized Rate of Occurrence- how often it occurs in a year.

Question 8

AV

Answer 8

Asset value- value of the asset to the organization

Question 9

EF

Answer 9

Exposure factor- percentage of the value lost due to an incident

Question 10

SLE

Answer 10

Single Loss Expectancy-monetary loss if a single event occurs.

AV x EF=SLE

Question 11

ALE

Answer 11

Annualized Loss Expectancy= ARO x SLE

Question 12

impact of risk analysis

Answer 12

life, property, safety, finance

Question 13

risk likelihood

Answer 13

a qualitative measurement of risk. (low, medium, or high)

Question 14

risk probability

Answer 14

a quantitative measurement of risk.
a statistical measurement.

Question 15

risk appetite

Answer 15

risk taking deemed acceptable.

speed limit is 55.

Question 16

risk appetite posture

Answer 16

qualitative description for readiness to risk. meaning are you (expansionary, conservative, neutral)

Question 17

risk tolerance

Answer 17

an acceptable variance (usually larger) from the risk appetite.

speed limit is 55. officer wont chase you depending on how fast over the speed limit you’re going.

Question 18

risk register

Answer 18

identify and document the risk associated with each step. apply possible solutions to the identified risks.

Question 19

key risk indicators

Answer 19

identify risks that could impact the orgainzation

Question 20

risk owners

Answer 20

each indicator is assigned someone to manage the risk

Question 21

risk threshold

Answer 21

the cost of mitigation is at least equal to the value gained by mitigation

Question 22

risk mgmt strats

Answer 22

transfer, accept, accept with exemption, accept with exception.
avoid
mitigate

Question 23

risk reporting

Answer 23

identifies risks, detailed information for each risk

Question 24

Which asymmetric encryption technique provides a comparable level of security with shorter key lengths, making it efficient for cryptographic operations?

Answer 24

ECC (Elliptic curve cryptography) is a type of trapdoor function that is efficient with shorter key lengths