5.4 Risk management processes and concepts Flashcards

1
Q

Risk management: how to assess a risk?

A

1/ Identify assets that could be affected by an attack: hardware, customer data, intellectual property
2/ Identify threats
3/ Determine the risk: high, medium, low

2
Q

Risk management: how to manage the risk?

A

You can accept it, avoid it (stop the high-risk activity), transfer it (by buying insurance), or mitigate it (decrease the risk level with certain measures)

3
Q

Risk analysis: how to evaluate a risk?

A

likelihood (probability that it occurs) x impact (on the organization)

4
Q

Risk analysis: what is the inherent risk?

A

risk that exists in the absence of controls

5
Q

Risk analysis: what is the residual risk?

A

risk that exists after controls are considered

6
Q

Risk analysis: what is the risk appetite?

A

amount of risk an organization is going to take

7
Q

Risk analysis: what is SLE?

A

Single Loss Expectancy is the monetary loss if a single event occurs

8
Q

Risk analysis: what is ALE?

A

Annualized Loss Expectancy = likelihood (ARO) x SLE

9
Q

Business Impact Analysis: what is RTO?

A

Recovery time objective describes how long a service would take to get back up and running

10
Q

Business Impact Analysis: what is RPO?

A

Recovery point objective: “how much data loss is acceptable, bring the system back online etc”

11
Q

Business Impact Analysis: what is MTTR?

A

Mean time to repair: time required to fix an issue

12
Q

Business Impact Analysis: what is MTBF?

A

Mean time between failures: predict the time between outages

13
Q

Business Impact Analysis: what is a functional recovery plan?

A

Step-by-step guide to recover from an outage

14
Q

Business Impact Analysis: what is DRP?

A

Disaster recovery plan is a detailed plan for resuming operations after a disaster

15
Q

Business Impact Analysis: what are the impacts of a disaster?

A
  • Life (death)
  • Property (building, assets)
    - Safety
  • Financial
  • Reputational