Chapter 4 Flashcards
Define risk management
Analyzing a risk to quantify the potential for losses in a specific investment and to decide what is the appropriate action to take
Define loss exposure
A situation or physical circumstance that makes an individual or an organization vulnerable to loss, damage, or injury and will lead to financial loss
Define enterprise risk management
An approach to managing all of an organization's key business risks and opportunities with the intent of maximizing shareholder value
What are the four main areas in the ERM framework?
Strategy
Governance and culture
Operating model
Data and technology
Explain strategy in the ERM framework
Includes profitability and growth, and how the company is going to meet those expectations
Explain governance and culture in the ERM framework
Establishes the internal systems and processes that ensure a company functions effectively. It also provides oversight and establishes how decisions are made in a company
Explain operating model in the ERM framework
Standardized systems and processes allow a company to respond quickly and effectively to potential competitive or strategic risks. This area considers how a company manages its operational risks holistically
Define risk control
Actions taken to identify potential losses and devise strategies to reduce the risks or eliminate them
Explain pre- and post-loss planning
-Organizations that plan for cyber attacks are the most resilient after these events occur
-Putting together a cyber plan includes determining who will be assigned specific responsibilities in the event of a breach, creating a written plan, and practising the plan
-Being prepared significantly reduces the time from when the breach is detected to when the company is back up and running
Under PIPEDA and the Digital Privacy Act, who is held responsible for a cyber attack when a third-party service provider is involved?
The company
Even if IT is outsourced
What are some network security control options?
Firewalls
Antivirus software
Intrusion detection systems/intrusion prevention systems
Data loss prevention software
Encryption on devices, both at rest and in transit
Access control procedures
Patch management policies
Network segmentation
What are the main steps in the risk management process?
-Identifying and analyzing exposures: human perils, natural perils, economic perils
-Formulating options: reducing, eliminating, assuming, retaining, or transferring risk
-Selecting the best technique: selection is unique to each organization
-Implementing the risk management plan: including a plan to implement the risk control program
-Monitoring results and modifying the plan