Domain 2 - Risk Management Flashcards
what is an asset
something of tangible or intangible value worth protecting
what is a vulnerability
weakness in the design, implementation, operation, or internal control process that could expose a system to adverse threats - lack of adequate controls
what is a threat
something that could pose loss to all or part of an asset
what is probability
the likelihood the risk will occur
what is impact
damage caused if the risk event occurs. Also referred to as severity
what is a threat agent
what carries out the attack
what is an exploit
an instance of compromise
what is needed for something to be considered a risk
- asset
- vulnerability
- threat
what are the two things that give a risk a value
- probability
- impact
what is risk called in the future and once it has happened
- a future risk is a risk
- once a risk has occurred it is called an incident
what is inherent risk
with all business endeavors there is some degree of risk
what is residual risk
risk that remains after a control has been implemented
how much mitigation should be applied to a risk
until the residual risk is within the level that management is willing to accept (management risk tolerance)
what is secondary risk
one risk may cause a second risk or the risk created after applying a control
what is risk appetite
senior management's approach to risk - what they are willing to accept
* risk seeking
* risk neutral
* risk averse
what is risk tolerance
acceptable level of variation that management is willing to allow for any particular risk
what is risk profile
an organization's current exposure to risk
what is risk threshold
a quantified limit beyond which your organization is not willing to go
what is risk capacity
amount of risk an organization can absorb without threatening its viability
what is risk utility
the positive outcome desired from taking a risk
what are controls
proactive and reactive mechanisms put in place to manage risks
what is systemic risk
category of risk that describes threats to a system, market, or economic segment
what is contagious risk
events that impact multiple organizations in a short time
* Dyn DDoS to many orgs - Amazon, Twitter, Google, etc.
* loss of trust and confidence in the payment and settlement systems
what is obscure risk
risk that has not yet occurred and is unlikely or difficult to fathom (black swan event)