5.4 - Summarize risk management processes and concepts.

Question 1

RTO (Business impact analysis)

Answer 1

• Recovery time objective

– Get up and running quickly

– Get back to a particular service level

Question 2

RPO (Business impact analysis)

Answer 2

• Recovery point objective

– How much data loss is acceptable?

– Bring the system back online; how far back
does data go?

Question 3

MTTR (Business impact analysis)

Answer 3

• Mean time to repair

– Time required to fix the issue

Question 4

MTBF (Business impact analysis)

Answer 4

• Mean time between failures

– Predict the time between outages

Chapple 553
Weiss 609-610
Gibson 334

Question 5

• Functional recovery plans (Business impact analysis)

Question 6

• Single point of failure (Business impact analysis)

Question 7

• Disaster recovery plan (DRP) (Business impact analysis)

Question 8

• Mission essential functions (Business impact analysis)

Question 9

• Identification of critical systems (Business impact analysis)

Question 10

• Site risk assessment (Business impact analysis)

Question 11

• Environmental (disasters)

Question 12

• Person-made (disasters)

Question 13

• Internal vs. external (disasters)

Question 14

• Likelihood of occurrence

Answer 14

– Annualized Rate of Occurrence (ARO)
– How likely is it that a hurricane will hit?
In Montana? In Florida?

Question 15

• Impact

Question 16

AV

Answer 16

Asset value

Question 17

SLE

Answer 17

Single-loss expectancy

– What is the monetary loss if a single event occurs?
– Laptop stolen (asset value or AV) = $1,000

Weiss 605
Gibson 280-281

Question 18

• Annualized loss expectancy (ALE)

Answer 18

– ARO x SLE
– Seven laptops stolen a year (ARO) x
$1,000 (SLE) = $7,000

Question 19

• Annualized rate of occurrence (ARO)

Answer 19

– How likely is it that a hurricane will hit?
In Montana? In Florida?