Fundamentals Flashcards

1
Q

What are four examples of intangible assets?

A

1) Data
2) Brand
3) Reputation
4) Intellectual Property

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is Risk Tolerance/Acceptable Risk?

A

The level of risk and organization is willing to accept.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is a Risk Treatment/Control? What 3 methods are there? What should a control or treatment not do?

A

The method used to lower/eliminate a risk. Examples in include isolation of, insurance for, elimination of, sharing of risk.

These methods could be administrative, technical, procedural, substitution measures.

Ensure that a control/treatment does not introduce new risks or that the new risks are easier to address/less serious than the initial risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What is a Risk Registry? What is it used for?

A

A list of identified risks and characteristics, severity and likelihood of the risks. The Registry is often used to compare risks from many different sources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What 3 elements should be included at a minimum to cost effectively manage risk?

A

1) Protecting the Organization and its value chain.
2) Responding to events
3) Continuing Operations while recovering from events.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Define CCP.

A

Critical Control Point-A point, step, or process at which controls can be applied to modify risk.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is a management system?

A

A framework of policies, processes, and procedures used to ensure that an organization can fulfill all tasks required to achieve its objectives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What is a risk driver?

A

An event, individual, process or trend having impact on the objectives of the organization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is risk?

A

The effect of uncertainty on the achievement of strategic, tactical, and operational objectives.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is the difference between Risk Appetite, Tolerance, and Aversion?

A

Appetite: The risk an entity is willing to pursue, retain, or take. (The general level of risk you accept)

Tolerance: The risk an entity is ready to bear after risk treatment. (The ability to bear a realized risk)

Aversion: The risk a company is not willing to undertake.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is Risk Management Context?

A

Describes the scope, as well as risk control parameters, methods and plans currently in place for the risk management activities.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is a Risk Portfolio?

A

A complete collection and range of uncertainties that affect an organization’s future. Sometimes called a Risk Universe.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the 5 Avenues to avoid risk?

A

1) Risk Avoidance
2) Risk Transfer
3) Risk Spreading (spread valuables over multiple sites)
4) Risk Reduction
5) Risk Acceptance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is risk management?

A

The systematic approach that identifies risk, calculates risk impact, eliminates or minimizes risk to an acceptable level. Risk management includes risk assessment as a sub-component.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the difference between observability and exploitablity?

A

Observablity is an adversary’s ability to see a vulnerability.

Exploitablity is an adversary’s ability to take advantage of a vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What does mitigation focus on?

A

Soley on reducing consequences.

17
Q

What two things is a threat a combination of?

A

1) Adversary capabilities, motivation, and intent

2) Likelihood of attack (measured in terms of probability, and frequency

18
Q

What is the Threat Spectrum?

A

A summary of the threat actors and their motivations, intents, tools, and capabilities that could attack a facility.

19
Q

What are the six steps for carrying out both qualitative and quantitative performance based analysis?

A

1) Create an adversary sequence diagram
2) Conduct a path analysis
3) Perform Scenario Analysis
4) Complete a neutralization analysis
5) Determine system effectiveness and risk
6) Develop and analyze system effectiveness upgrades if risk is not acceptable.

20
Q

What three tools are used by a security program use to execute its mission?

A

1) Systems
2) Personnel
3) Regulations

21
Q

What are the 5 options of Risk Mitigation?

A

1) Assumption
2) Avoidance
3) Limitation (control implementation)
4) Transference
5) Site hardening

22
Q

What are consequential event threats?

A

Occurs because of a relationship between an event and another party. ex. a data-breach at a provider affects all of the providers clients.

23
Q

What is the difference between a threat and a hazard?

A

A hazard is a source of potential danger or adverse conditions (commonly natural).

A threat is the intention to cause damage or injury and is associated with humans.

24
Q

What is a loss event profile?

A

A list of the kinds of threats affecting the assets to be safeguarded.

25
Q

What is Risk? What three components does it take into account?

A

The potential for loss of or damage to an asset.

1) Asset Value
2) Threats or Hazards
3) Vulnerability