Assesments and Analysis Flashcards

1
Q

What is a risk assessment?

A

The identification, analysis, and evaluation of uncertainties to objectives and outcomes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is the objective of a risk assessment?

A

To provide results that inform decision makers of choices available to effectively manage risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is the difference between Quantitative and Qualitative risk assessment?

A

Quantitative is computational and relies on probabilities and statistics.

Qualitative is subjective and relies on reasoning, uses descriptive terms like major, minor, moderate, likely, unlikely etc.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is the difference between a …. Risk analysis, Risk evaluation, Risk assessment, and Risk identification?

A

Risk Assessment-Overall and systematic process of evaluating the effects of uncertainty on achieving objectives. Risk assessment includes Risk analysis, evaluation, and identification.

Risk Identification-Process for determining what risks are anticipated and, their characteristics, time dependencies, frequencies, duration periods, and possible outcomes.

Risk Analysis-Process to characterize risk and understand the nature of risk and to define the level of risk.

Risk Evaluation-Process of equating the results of risk analysis with risk criteria to determine whether a particular risk level is within an acceptable tolerance or presents a potential opportunity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What benefits and costs should be taken into account during a Cost-Benefit Analysis?

A

Both the Direct and Indirect Costs/Benefits.

Indirect: Loss of productivity, but increase in worker confidence.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Criticality/Consequence Analysis?

A

A measure of impact of the risk event relative to achieving the organization’s objectives and the impact of losing a tangible or intangible assets, activity, or function will have on the operations of the organization and its stakeholders respectively.

Also defined as: A process designed to systematically identify, evaluate, and rank positive and negative impacts on an organizations stakeholders, assets, services, and activities based on the importance of its mission or unction, or the significant of risks on the organizations ability to meet its objectives and expectations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Vulnerability/Capability Analysis? What 3 things are looked for?

A

Vulnerability is dependent on the risk control measures deployed to manage a risk event.

Capability is dependent on the adaptability of the entity and its ability to response to negative event and to take advantage of positive events. Specifically, it is a process for evaluating:

1) Competence, aptitude, and experience of people and the organization.
2) Suitability of Technology
3) Application of process for purposes to determine whether or not the expected output will fall within an acceptable range.

The analysis of both Vulnerabilities and Capabilities evaluates the efficacy of the risk measures in place that will have an effect on the likelihood of a threat or opportunity materializing and likelihood and extent of consequences.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is opportunity analysis in terms of a risk assessment?

A

Opportunity analysis typically looks at the potential for change that an organization might undergo to improve its overall results.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does threat analysis consider in terms of a risk assessment?

A

Threat analysis considers impacts, timeframes, and factors that may prevent achievement of objectives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is impact analysis?

A

Process that identifies and evaluates potential effects of change upon an organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Error Analysis?

A

A consideration of the kind and quantity of error that may occur.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is Sensitivity Analysis?

A

Any systematic technique used to understand how risk estimates and risk based decision are dependent on variability and uncertainty in factors contributing to risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What is a Stress Analysis?

A

Stress Test are a form of simulation used to determine reaction to different situations. Stress tests are also used to gauge how certain stressors will affect an entity.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is a gap analysis? What are the three steps of GAP Analysis?

A

xxx

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What are the six basic steps carrying out the risk assessment process?

A

1) Identify and value Assets
2) Identify Threats
3) Determine Vulnerabilities
4) Impact of a loss event
5) Analysis and prioritization
6) Mitigation and baseline approach

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What 3 factors are included in a cost benefit analysis?

A

1) Cost
2) Reliability (prior deployments)
3) Delay (delay costs to make a system fully operational)

17
Q

What are three risk assessment techniques?

A

1) Heuristic (ad hoc)
2) Inductive (Bottom Up, Risks identified at beginning of analysis) (May provide incomplete results) (Event Trees)
3) Deductive (Logic Diagrams)(Top down) (Fault trees)