(8) Risk and Risk Assessments

Question 1

What is the formula for risk severity?

Answer 1

Risk Severity = Probability x Magnitude

Question 2

What is risk avoidance?

Answer 2

Risk avoidance is where a business chooses to totally eliminate the chance that a risk will happen, such as shutting down a website completely, which is too harsh of course

Question 3

What is risk transferrence?

Answer 3

Risk transference is about shifting some of the impact of the risk to another entity, such as through getting cyber security insurance

Question 4

What is risk acceptance?

Answer 4

Risk acceptance is where the risk is accepted and nothing is done. This is useful if the cost of taking care of the risk is more expensive than if the risk actually happens

Question 5

What is risk mitigation?

Answer 5

Risk mitigation is putting something in place to reduce the risk, such as by using multi factor authentication in order to reduce the chance of an account takeover by way of a password crack

Question 6

What are technical controls?

Answer 6

Technical controls operate in the confidentiality, integrity, and availability in the digital side of things, such as through firewalls, ACLs, IPSs, etc.

Question 7

What are operational controls?

Answer 7

Operational controls include the processes that are put in place to manage tech in a secure way.

This can involve user access reviews, log management, etc.

Question 8

What are Managerial controls?

Answer 8

Managerial controls are those that pay attention to the mechanics of the risk management flow. These could involve performing risk assessments, security exercises, etc.