Chapter 1

Question 1

Risk Assessment

Answer 1

Risk assessment is the process or identifying, estimating and ranking potential risks to an organisation, including its operations, assets, people and the country, resulting from using information systems.

Question 2

Risk Management Tiers

Answer 2

Risk assessments can be conducted at three tiers: Tier 1 (organizational level,) Tier 2 (mission/business process level), and Tier 3 (information system level).

Question 3

Risk Management Processes

Answer 3

Risk Management processes encompass four key components: framing risk, assessing risk, responding to risk, and monitoring risk.

Question 4

Framing Risk

Answer 4

The process of creating a strategy that shows how an organisation intends to assess, respond to and monitor risk.

Question 5

Assessing Risk

Answer 5

Assessing risk is the process of identifying relevant threats, vulnerabilities, potential impacts, and the likelihood of harm.

Question 6

Responding to Risk

Answer 6

It involves providing a consistent, organisation-wide response to risk by developing alternative courses of action, evaluating them, and determining an appropriate course of action that aligns with the organisation’s risk tolerance.

Question 7

Monitoring Risk

Answer 7

Involves checking the effectiveness of risk responses, identifying changes, and ensuring that planned risk responses are implemented to meet security requirements.

Question 8

Risk Tolerance

Answer 8

An organisations willingness to accept and manage risk, guiding decisions on how much risk is acceptable.

Question 9

Vulnerability

Answer 9

Vulnerabilities are weaknesses in systems or assets that could be exploited to cause harm or loss.

Question 10

Threat

Answer 10

A threat is anything that can potentially harm or damage an organisation, its assets or its operations.