Assets, Threat, Vulnerability and Risk

Question 0

What is Risk Analysis

Answer 0

A detailed examination that includes

• risk assessment
• vulnerability evaluation
• risk management alternatives

Question 1

Formula for determining Security Risk

Answer 1

Security risk rating = assets value rating x threat likelihood rating x vulnerability rating

Question 2

Why is risk analysis performed

Answer 2

Understand the nature of unwanted negative consequences to human life, health, property and the environment.

Question 3

Determining asset value, threats, likelihood, impact and consequent vulnerability

Answer 3

Risk Assessment

Question 4

Determining measures and safeguards to mitigate threats and reduce vulnerabilities.

Answer 4

Risk Managemen

Question 5

Relating to, concerning, or based on the amount of something

Answer 5

Qualitative risk assessment

Question 6

Relating to that which is characteristic of something and which makes it what it is

Answer 6

Qualitative risk assessment

Question 7

Annual loss expectancy (ALE) formula

Answer 7

ALE = threat probability X the value of the potential loss

Question 8

The Risk Equation

Answer 8

R=Pa[1-(Pi)]C

• R= risk of the facility of an adversary gaining access to assets (0 to 1)
• Pa= Probability of an adversary attack during a time period
• Pi= probability of attack interruption (security response)
• C = consequence value

Question 9

Annual Loss Expectancy Equation

Answer 9

ALE = 10(f+I-3) / 3

i = cost valuation
f = estimated frequency

Question 10

What is FEMAs approach to Qualitative Analysis

Answer 10

Scale of 1 - 10

Risk = Impact X likelihood

Question 11

What is an Asset

Answer 11

Anything you want to protect because of its value, it’s importance to maintains business continuity and/or it’s ability to be replaced within a required timeline.

Question 12

Three steps to asset identification

Answer 12

Step 1 - define and understand the company’s primary business functions and processes
2 - identify site and building infrastructure systems
3 - identify the company’s critical tangible and intangible assets

Question 13

Two ways to establish values for assets

Answer 13

Cost of loss formula

Assign a relative value to each asset based on priority eg 1 - 5

Question 14

Cost of Loss Formula

Answer 14

K = (Cp + Ct + Cr + Ci) - 1

K = critically, total cost of loss, Cp = cost of permanent replacement 
Ct = cost of temp substitute! Cr = total related costs
Ci = lost income total, I = available insurance of indemnity

Question 16

The First step in risk analysis is assesing the assets and their vlaue, and the first step to assessing them is to identify them. Name the three steps useful for identifyinh a company’s critical assets

Answer 16

1) Define and understand business processes and function 2) Identify site and building infrastructure and systems 3) Identify critical tangible and intagible assets

Question 17

Name three factors that can help you value the assets you’ve identified

Answer 17

Select any of the following: injuries/deaths, replacment cost, support agreements and lifelines in place, critical or sensitive information value, impact on reputation and loss of revenue

Question 18

what is a company’s most critical asset

Answer 18

People

Question 19

name two methods used to quantify asset value

Answer 19

Cost of loss formula; assigning relative value to each asset based on priority

Question 20

True or False: Qualitative methids are the most common approach to risk assessment

Answer 20

TRUE

Question 21

Definition of Threats

Answer 21

ontent to damage or injure, an indication of something impending (associated with humans)

Question 22

Definition of Hazards

Answer 22

sources ofpotential danger or adverse conditions (associated with nature)

Question 23

Definition of Loss event profile

Answer 23

a list of the threats affecting the assets to be safeguarded

Question 24

Three categoris of Nature of Threats

Answer 24

1) crimes 2) Non0crimnal events such as man-made incidents or natural disasters 3) Consequential events caused by an enterprise relationsip with another organization when the other organizations poor or negative reupatation advesly affects the enterprise

Question 25

What are two Non-Crime Related Threats

Answer 25

1) Natural Disasters 2) Human-made Disasters

Question 26

Definition of Consequential Event Threats

Answer 26

A relationship between events or between two different prganizations causes the company some type of loss as a consequence of that even or afficliation. 2) Where the event or an aactivity of one organization damage the reputation of the other.

Question 27

True or False: Qualitative methids are the most common approach to risk assessment

Answer 27

TRUE

Question 28

Three categoris of Nature of Threats

Answer 28

1) crimes 2) Non0crimnal events such as man-made incidents or natural disasters 3) Consequential events caused by an enterprise relationsip with another organization when the other organizations poor or negative reupatation advesly affects the enterprise

Question 29

Definition of Loss event profile

Answer 29

a list of the threats affecting the assets to be safeguarded