5.4 - 5.5 Flashcards
Risk management types
Legacy systems, internal or external threats, multiple parties, IP theft, etc.
Acceptance - that's life, we will accept the risk
Risk avoidance - use alternative devices
Transference - like cybersecurity insurance
Security hardware
Evaluating risk
Risk register
Risk matrix (heatmap)
Inherent risk
Residual risk
Risk appetite
Find and fill gaps with a formal security audit or self-assessment; add more security controls for high-risk areas like firewalls, so now the required compliance is every year
Risk awareness
Business impact analysis
Recovery time objective (RTO) - when back up
Recovery point objective (RPO) - at what point to turn on
Mean time to repair (MTTR) - time to fix
Mean time between failures (MTBF)
Functional recovery plan
Plan from outage to back up and running: contact key players, full technical process and list of steps, then test the system, then resume
Privacy impact assessment (PIA)
How new products will affect customers' data and privacy; this process can be public to build trust
Data classification
Label sensitivity for different documents requiring different levels of protection
Proprietary
Personally identifiable information
Protected health information
Public/unclassified
Private/classified/restricted/internal use
Sensitive
Confidential
Critical
Enhancing privacy
Tokenization
Data minimization
Data masking
Anonymization
Pseudo-anonymization
Data roles
Data owner
Data controller
Payroll controller
Data steward
Data protection officer