Fundamentals Flashcards
What are four examples of intangible assets?
1) Data
2) Brand
3) Reputation
4) Intellectual Property
What is Risk Tolerance/Acceptable Risk?
The level of risk and organization is willing to accept.
What is a Risk Treatment/Control? What 3 methods are there? What should a control or treatment not do?
The method used to lower/eliminate a risk. Examples in include isolation of, insurance for, elimination of, sharing of risk.
These methods could be administrative, technical, procedural, substitution measures.
Ensure that a control/treatment does not introduce new risks or that the new risks are easier to address/less serious than the initial risk.
What is a Risk Registry? What is it used for?
A list of identified risks and characteristics, severity and likelihood of the risks. The Registry is often used to compare risks from many different sources.
What 3 elements should be included at a minimum to cost effectively manage risk?
1) Protecting the Organization and its value chain.
2) Responding to events
3) Continuing Operations while recovering from events.
Define CCP.
Critical Control Point-A point, step, or process at which controls can be applied to modify risk.
What is a management system?
A framework of policies, processes, and procedures used to ensure that an organization can fulfill all tasks required to achieve its objectives.
What is a risk driver?
An event, individual, process or trend having impact on the objectives of the organization.
What is risk?
The effect of uncertainty on the achievement of strategic, tactical, and operational objectives.
What is the difference between Risk Appetite, Tolerance, and Aversion?
Appetite: The risk an entity is willing to pursue, retain, or take. (The general level of risk you accept)
Tolerance: The risk an entity is ready to bear after risk treatment. (The ability to bear a realized risk)
Aversion: The risk a company is not willing to undertake.
What is Risk Management Context?
Describes the scope, as well as risk control parameters, methods and plans currently in place for the risk management activities.
What is a Risk Portfolio?
A complete collection and range of uncertainties that affect an organization’s future. Sometimes called a Risk Universe.
What are the 5 Avenues to avoid risk?
1) Risk Avoidance
2) Risk Transfer
3) Risk Spreading (spread valuables over multiple sites)
4) Risk Reduction
5) Risk Acceptance
What is risk management?
The systematic approach that identifies risk, calculates risk impact, eliminates or minimizes risk to an acceptable level. Risk management includes risk assessment as a sub-component.
What is the difference between observability and exploitablity?
Observablity is an adversary’s ability to see a vulnerability.
Exploitablity is an adversary’s ability to take advantage of a vulnerability.