5. Risk Evaluation Flashcards

1
Q

Risk Evaluation

Input

A

A list of risks with value levels assigned and risk evaluation criteria.

2
Q

Action

A

Level of risks should be compared against risk evaluation criteria and risk acceptance criteria.

3
Q

Implementation guidance

A

To evaluate risks, organizations should compare the estimated risks (using selected methods or approaches) with the risk evaluation criteria defined during the context establishment. Risk evaluation criteria used to make decisions should be consistent with the defined external and internal information security risk management context and take into account the objectives of the organization and stakeholder views, etc.

Decisions as taken in the risk evaluation activity are mainly based on the acceptable level of risk. However, consequences, likelihood, and the degree of confidence in the risk identification and analysis should be considered as well.

4
Q

Output

A

A list of risks prioritized according to risk evaluation criteria in relation to the incident scenarios that lead to those risks.
