Chapter 4: Risk Management Flashcards

Understand the Risk Management Process

1
Q

Risks can be divided into what two categories?

A
  • Internal
  • External
2
Q

{Blank} risks are those that arise from within the organization.

A

Internal

3
Q

{Blank} risks are those where the threat originates outside of the organization.

A

External

4
Q

{Blank} are risks that are shared among many different organizations.

A

Multiparty Risks

5
Q

{Blank} is the process of identifying and triaging the risks facing an organization based on the likelihood of their occurrence and their expected impact on the organization.

A

Risk Identification and Assessment

6
Q

{Blank} are external forces that jeopardize the security of your information and systems. These might be naturally occurring, such as hurricanes and wildfires, or human-made, such as hacking and terrorism. You can’t normally control what {blank} are out there. They exist independently of you and your organization.

A

Threats

7
Q

{Blank} are weaknesses in your security controls that a threat might exploit to undermine the confidentiality, integrity, or availability of your information or systems. These might include missing patches, promiscuous firewall rules, or security misconfigurations. You do have control over the {blank} in your environment, and security professionals spend much of their time hunting down and remediating them.

A

Vulnerabilities

8
Q

{Blank} occur when your environment contains both a vulnerability and a corresponding threat that might exploit the vulnerability.

A

Risks

9
Q

A {blank} is the method that an attacker uses to get to a target. This might be a hacker toolkit, social engineering, or physical intrusion.

A

Threat Vector

10
Q

The {blank} of a risk is the probability that it will actually occur.

A

Likelihood

11
Q

The {blank} of a risk is the amount of damage that will occur if the risk materializes.

A

Impact

12
Q

{Blank} use subjective judgments to assess risks, typically categorizing them as low, medium, or high on both the likelihood and impact scales.

A

Qualitative Techniques

13
Q

{Blank} use objective numeric ratings to assess the likelihood and impact of a risk.

A

Quantitative Techniques

14
Q

{Blank} is the process of systematically analyzing potential responses to each risk and implementing strategies to control those risks appropriately.

A

Risk Treatment

15
Q

What are the four risk treatment strategies?

A
  • Avoid the risk
  • Transfer the risk
  • Mitigate the risk
  • Accept the risk
16
Q

When you practice {blank}, you change your organization’s business practices so that you are no longer in a position where that risk can affect your business.

A

Risk Avoidance

17
Q

{Blank} attempts to shift the impact of a risk from your organization to another organization.

A

Risk Transference

18
Q

{Blank} takes actions designed to reduce the likelihood and/or impact of a risk.

A

Risk Mitigation

19
Q

{Blank} should only take place as part of a thoughtful analysis that determines that the cost of performing another risk management action outweighs the benefit of controlling the risk.

A

Risk Acceptance

20
Q

The combination of risks that affect an organization is known as its {blank}.

A

Risk Profile

21
Q

The initial level of risk that exists in an organization before any controls are put in place is the organization’s {blank}.

A

Inherent Risk

22
Q

The risk that remains after the inherent risk is reduced by controls is known as the {blank}.

A

Residual Risk

23
Q

Controls themselves may introduce some new risk. The new risk that results from adding controls is known as {blank}.

A

Control Risk

24
Q

An organization will need to accept some ongoing risk in order to continue operations. Business leaders must decide how much risk they choose to accept. This is a process known as determining the organization’s {blank}.

A

Risk Tolerance

25
Q

Jen identified a missing patch on a Windows server that might allow an attacker to gain remote control of the system. After consulting with her manager, she applied the patch. From a risk management perspective, what has she done?

A. Removed the threat
B. Reduced the threat
C. Removed the vulnerability
D. Reduced the vulnerability

A

Removed the vulnerability

26
Q

Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information due to a type of attack called SQL injection. She is considering a variety of approaches to managing the risk.

Grace’s first idea is to add a web application firewall to protect her organization against SQL injection attacks. Which risk management strategy does this approach adopt?

A. Risk acceptance
B. Risk avoidance
C. Risk mitigation
D. Risk transference

A

Risk Mitigation