Chapter 2 Risk Management Flashcards
Key Points 1
Security’s primary objective is to manage risks by balancing the cost of protection measures against the benefit of those measures.
Key Points 2
There are six steps in the risk assessment process: 1) identify and value assets, 2) identify threats, 3) determine the vulnerabilities, 4) impact of a loss event, 5) analysis and prioritization, and 6) mitigation baseline approach
Key Points 3
Assets can be categorized into three categories: 1) tangible, 2) intangible, and 3) mixed
Key Points 4
Assets can be valued using two methods: 1) relative value, and 2) cost-of-loss formula
Key Points 5
Threats can be characterized as: 1) natural, 2) intentional, and 3) inadvertent
Key Points 6
The difference between a vulnerability and a threat is that a vulnerability allows some level of control. Threats are typically outside of the control of the organization.
Key Points 7
Impact is usually measured in financial terms.
Key Points 8
Analyzing risk can be achieved in two basic steps: 1) calculation of impact, and 2) prioritization of the identified risks.
Key Points 9
When choosing mitigation measures, it is important to consider the potential adverse effect each strategy may have on the operations of the organization.
Key Points 10
One approach to determining risk results uses a basic Risk Formula: (Threat x Vulnerability x Impact)^(1/3) = Risk
Key Points 11
Determining mitigation measures can be done using four steps: 1) select, 2) test, 3) implement, and 4) train
Key Points 12
The difference between qualitative and quantitative assessments:
Qualitative Assessment - uses a general range or description such as high, medium and low to describe asset value and risk element calculations. Typically used for low-value assets or operations.
Quantitative Assessment - uses specific numerical values and scientific formulas to describe asset value and risk element calculations. Typically used for high-value assets or operations.
Key Points 13
Five methods of addressing risk: 1) risk avoidance, 2) risk spreading, 3) risk transfer, 4) risk reduction, or 5) combination of any or all methods
Key Points 14
A security survey is a thorough examination of a facility, its operations, systems, and procedures. It is conducted to assess the current level of security, determine any vulnerabilities, and assess the level of protection needed to address those vulnerabilities.
Key Points 15
A cost-benefit analysis typically consists of three factors: 1) cost, 2) reliability, and 3) delay
Key Points 16
Three survey approaches: 1) outside-in approach, 2) inside-out approach, and 3) functional (Security Discipline) approach
Key Points 17
A SWOT Analysis focuses on Strengths, Weaknesses, Opportunities, and Threats.
Key Points 18
Criteria of a Security Survey Report: 1) accurate, 2) clarity, 3) concise, 4) timeliness, and 5) consider slant or pitch
Key Points 19
Automated assessment tools can be of assistance when you are processing, analyzing, comparing, and storing large amounts of data. Automated tools are not good at assessing the intangible factors in the assessment process.
Risk Management
A business discipline that consists of three major functions: 1) loss prevention, 2) loss control, and 3) loss indemnification.