5.3 Explain risk management processes and concepts. Flashcards
Threat
Anything that can harm your resources or could potentially result in a security violation.
Vulnerability
Anything that can harm your resources or could potentially result in a security violation.
Exploit
The act of taking advantage of an identified vulnerability.
Threat Vector
A path or a tool that a Threat Actor uses to attack the target.
Internal Threat
Biggest threat because they know your network.
Asset Value (AV)
An asset is defined as any item that has positive economic value.
Exposure Factor (EF)
The portion of an asset's value that is likely to be damaged or destroyed by a threat.
Single Loss Expectancy (SLE)
AV x EF = SLE
Asset Value x Exposure Factor = Single Loss Expectancy
Represents how much you could expect to lose should a single event occur.
Annualized Rate of Occurrence (ARO)
How often an event is expected to occur in a single year.
Often drawn from historical data.
Annualized Loss Expectancy (ALE)
The monetary measure of how much loss a business could expect in a year.
SLE x ARO = ALE
Single Loss Expectancy x Annualized Rate of Occurrence = Annualized Loss Expectancy
Suppose that an asset is valued at $100,000 with 25% exposure to a threat.
A threat event is expected to occur twice a year.
100,000 x .25 = 25,000
25,000 x 2 = 50,000
Likelihood of Occurrence
Refers to the probability that a threat event will happen.
Quantitative Analysis
Refers to the clearest measure (you have receipts).
Qualitative Analysis
What you feel it's worth.
Acceptance
Accepting the threat without any mitigation.
Often the choice that you must make when the cost of implementing any of the other responses exceeds the value of the harm that would occur if the risk came to fruition.