Chapter 1 Flashcards
Risk Assessment
Risk assessment is the process of identifying, estimating and ranking potential risks to an organisation, including its operations, assets, people and the country, resulting from the use of information systems.
Risk Management Tiers
Risk assessments can be conducted at three tiers: Tier 1 (organisational level), Tier 2 (mission/business process level), and Tier 3 (information system level).
Risk Management Processes
Risk management processes encompass four key components: framing risk, assessing risk, responding to risk, and monitoring risk.
Framing Risk
Framing risk is the process of creating a strategy that describes how an organisation intends to assess, respond to and monitor risk.
Assessing Risk
Assessing risk is the process of identifying relevant threats, vulnerabilities, potential impacts, and the likelihood of harm.
Responding to Risk
Responding to risk involves providing a consistent, organisation-wide response to risk by developing alternative courses of action, evaluating them, and selecting the course of action that aligns with the organisation's risk tolerance.
Monitoring Risk
Monitoring risk involves checking the effectiveness of risk responses, identifying changes, and ensuring that planned risk responses are implemented to meet security requirements.
Risk Tolerance
Risk tolerance is an organisation's willingness to accept and manage risk; it guides decisions on how much risk is acceptable.
Vulnerability
Vulnerabilities are weaknesses in systems or assets that could be exploited to cause harm or loss.
Threat
A threat is anything that can potentially harm or damage an organisation, its assets or its operations.