Domain 5:Explain elements of the risk management process Flashcards

1
Q

Threat

A

A threat is someone or something that wants to inflict loss on a company by exploiting vulnerabilities. In the preceding example, it’s the person who takes the gold. In IT security, it could be a hacker that wants to steal a company’s data.

2
Q

Risk

A

The risk is the probability that an event will occur that results in financial loss or loss of service. In the preceding example, the probability that the trash or gold would be taken. In IT security, it is the probability your system could be hacked or data stolen.

3
Q

Vulnerability

A

This is a weakness that helps an attacker exploit a system. In the preceding example, it is the fact that outside your front door is not a secured area. In IT security, it could be a weakness in a software package or a misconfiguration of a firewall.

4
Q

Ad hoc risk assessment:

A

Ad hoc assessments are sporadic and arise in response to specific events or perceived threats. This type of assessment is tailored to focus on the immediate dangers and is characterized by its flexibility and swift implementation.

5
Q

Risk assessment

A

Risk assessment is a systematic and structured process in which the organization identifies, analyzes, and evaluates the risks associated with potential threats and vulnerabilities in order to make informed decisions and prioritize resource allocation effectively.

6
Q

Recurring Assessments

A

Recurring assessments are routine and scheduled to occur at predetermined intervals. This approach ensures that the organization’s security posture is regularly monitored, evolving threats are detected, and changes in the environment or operations are addressed. Regularly scheduled assessments enable organizations to stay vigilant and maintain an updated understanding of their risk profile, fostering a proactive security culture.

7
Q

One-Time assessments

A

One-time assessments are conducted for specific scenarios or projects, often at the inception of a new venture, system implementation, or organizational change. This approach provides a detailed one-time view of the risks associated with a particular endeavor.

8
Q

Continuous risk assessment

A

Continuous risk assessment goes beyond the periodic nature of recurring assessments and is characterized by real-time monitoring and analysis of risks. This dynamic approach integrates risk assessment into the organization’s daily operations, allowing threats to be detected and responded to as they arise. Continuous assessment is vital in today’s fast-paced and dynamic threat landscape, as it helps organizations stay a step ahead of potential security breaches.

9
Q

Risk analysis

A

Risk analysis is a pivotal process for identifying and managing potential risks that could impact an organization adversely.

10
Q

Qualitative Analysis

A

Qualitative risk analysis uses subjective judgment to categorize risks as high, medium, or low, focusing on the potential impact, such as the likelihood of occurrence.

11
Q

Quantitative risk analysis

A

Quantitative risk analysis, on the other hand, assigns numerical values to the risks identified as high in the qualitative analysis. It quantifies and creates a precise measurement of the probability and the impact of risks, helping to determine the potential cost and formulate data-driven mitigation strategies.

12
Q

Single Loss Expectancy (SLE):

A

SLE represents the monetary value of the loss of a single item. Losing a laptop worth $1,000 while traveling, for instance, implies an SLE of $1,000.

13
Q

Annualized Rate of Occurrence (ARO)

A

ARO refers to the number of items lost annually. For example, if an IT team experiences the loss of six laptops in a year, the ARO is 6.

14
Q

Annualized Loss Expectancy (ALE):

A

ALE is calculated by multiplying the SLE by the ARO. It represents the total expected loss per year and provides a foundation for insurance and risk management decisions.

15
Q

Probability

A

Probability is a fundamental concept in risk analysis that describes the chance of a specific event occurring. It is quantified as a number between 0 and 10; the closer the number is to 10, the higher the probability that the event will occur.

16
Q

Likelihood

A

Likelihood is synonymous with probability in risk analysis, representing the possibility of a risk materializing. It is often expressed in qualitative terms, such as high, medium, or low, providing an intuitive grasp of the risk’s occurrence.

17
Q

Exposure Factor (EF)

A

EF is a measure of the magnitude of loss or damage that can be expected if a risk event occurs. It is expressed as a percentage, reflecting the portion of an asset’s value likely to be affected. By determining the EF, organizations can assess the extent of damage a specific risk can inflict and so produce more accurate risk valuations.

18
Q

Impact

A

Impact is the consequence or effect that a risk event has on an organization or a specific asset.

19
Q

Effective impact

A

Effective impact = Impact x Probability x Exposure factor

20
Q

Risk register

A

A risk register is a crucial document in the risk management process that provides a detailed log of the risks identified during a risk assessment.

21
Q

Risk owners

A

A risk owner is an individual or team assigned the task of risk management.

22
Q

Key risk indicator (KRI)

A

A KRI is a metric for measuring the likelihood that the combined probability of an event and its consequences will exceed the organization’s risk appetite and have a profoundly negative impact on the organization’s ability to be successful.

23
Q

Risk threshold

A

The risk threshold represents the level of risk that an organization is willing to accept or tolerate.

24
Q

Risk tolerance

A

Risk tolerance is the organization’s personalized threshold for embracing the unknown.

25
Q

Expansionary risk appetite

A

Organizations with an expansionary risk appetite typically embrace higher levels of risk in an effort to foster innovation and gain a competitive edge. These organizations often prioritize growth and expansion and seek higher returns and market share over stringent security protocols, potentially exposing them to a spectrum of threats.

26
Q

Conservative risk appetite

A

In contrast to those with expansionary appetites, organizations with a conservative risk appetite prioritize security and risk mitigation over aggressive growth strategies. They have a carefully planned security control approach to risk management and often reject opportunities that are deemed too risky.

27
Q

Neutral risk appetite:

A

Organizations with a neutral risk appetite strike a balance between expansionary and conservative approaches. They assess each opportunity on a case-by-case basis, accepting only risks that are manageable and align with their strategic objectives.

28
Q

Risk transference

A

In this approach, significant risks are allocated to a third party, often through insurance or by outsourcing your IT systems. For example, companies recognizing the potential damages from a road traffic accident will purchase car insurance to transfer the financial risk to the insurer. Similarly, businesses are increasingly adopting cybersecurity insurance to cover potential financial losses, legal fees, and investigation costs stemming from

29
Q

Risk acceptance:

A

Risk acceptance is the acknowledgment of a specific risk and the deliberate decision not to act to mitigate it, because the risk is deemed too low.

30
Q

Risk avoidance

A

When the identified risk is too substantial, a decision may be made to abstain from the risky activity altogether. A practical example is an individual deciding not to jump from a considerable height without safety measures, due to the extreme risk involved.

31
Q

Risk Mitigation

A

Risk mitigation is a comprehensive strategy in which identified risks are analyzed to determine their potential impacts, and suitable measures are employed to reduce the risk levels.

32
Q

Risk Reporting

A

Risk reporting is the process of systematically gathering, analyzing, and presenting information about risks within an organization.

33
Q

Informed decision-making

A

Risk reports provide decision-makers with timely and relevant information about potential risks. Armed with this knowledge, they can make informed decisions that minimize negative impacts and maximize opportunities.

34
Q

Stakeholder confidence

A

Effective risk reporting enhances stakeholder confidence. Investors, customers, and partners are more likely to trust organizations that transparently disclose their risk management strategies and outcomes.

35
Q

Business Impact Analysis

A

A BIA is carried out by an auditor with the objective of identifying single points of failure. The auditor checks for any component whose failure would significantly impair or halt a company’s operations.

36
Q

Recovery Point Objective (RPO):

A

the Recovery Point Objective (RPO) as closely as possible. The RPO is the amount of time a company can operate without its systems.

37
Q

Recovery Time Objective (RTO)

A

The RTO is the time within which a business aims to restore its operations to an operational level after a disruption.

38
Q

Mean Time to Repair (MTTR)

A

MTTR signifies the average duration needed to restore a malfunctioning system to its optimal operating condition. For instance, if a vehicle breaks down at 2:00 P.M. and its repair is completed by 4:00 P.M., this yields an MTTR of two hours, denoting a relatively swift resolution.

39
Q

Mean Time Between Failures (MTBF)

A

MTBF stands as a paramount metric in evaluating and enhancing the reliability of systems and components. It provides insight into the average time a system or component operates without failure. It acts as a critical indicator of the inherent reliability and endurance of equipment or systems, providing a foundational basis for predictive maintenance and system optimization.

40
Q

RAID 0

A

• Description: Splits (stripes) data evenly across two or more disks without redundancy.
• Advantages:
  • High read and write performance.
• Disadvantages:
  • No fault tolerance. If one disk fails, all data is lost.
• Use Case: High-performance applications where data loss is not critical.

41
Q

Evidence must be captured in the following order

A

Evidence must be captured in the following order:

CPU cache: This fast but volatile memory is used by the CPU and can provide critical insights.
Random Access Memory (RAM): Volatile memory holding running applications contains valuable information.
Swap/page file/virtual memory: When RAM is exhausted, these areas of a hard drive are used instead of RAM, but they are much slower.
Hard drive: Data at rest is the least volatile and is captured after volatile memory. This is where data is saved to disk.

42
Q

Stages of the Cyber Kill Chain

A


Reconnaissance

Calling employees, sending emails, social engineering, dumpster diving

Weaponization

Create malware payload

Delivery

Delivery medium, such as USB, email, web page

Exploitation

Executing code via a vulnerability

Installation

Installing malware on the asset

Command and Control

Infected system sends back information to the attacker

Action on Objectives

Hands-on keyboard—attack complete

43
Q

Diamond Model

A

Adversary: This is the threat actor group. The MITRE ATT&CK framework can be used to identify who they are and what attacks they use.
Capabilities: This refers to the exploit an adversary develops to carry out their attack. These are also laid out in the MITRE ATT&CK model.
Infrastructure: This is the path or means by which the attacker can get to the victim. This could be via USB, email, IP address, or remote access.
Victim: This is the person targeted by the adversary.

44
Q

Effective Impact

A

Effective impact = Impact x Probability x Exposure factor