Information risk

Question 1

What is OSINT?

Answer 1

Open source intelligence gathering
Publicly available information from different sources are gathered and used for research

Question 2

What are the three types of vulnerabilities?

Answer 2

Technical, Physical, Administrative/procedural

Question 3

Risk =

Answer 3

Impact * likelihood

Question 4

What ISO standard deals with risk management?

Answer 4

ISO27005 and ISO3100 series

Question 5

What are the four stages of risk management?

Answer 5

Identification, analysis, treatment, monitoring

Question 6

What is risk capacity?

Answer 6

Maximum amount of risk a business can take before viability is affected

Question 7

What is risk appetite?

Answer 7

Amount of risk a business is willing to accept during its mission - lower than capacity

Question 8

What is risk acceptance?

Answer 8

Lowest level of risk a business accepts on a daily basis after treatment has been done

Question 9

What is risk tolerance?

Answer 9

Amount of risk a business can accept if risk was a little more than risk appetite, AKA wriggle room

Question 10

What are strategic risks?

Answer 10

Risks that affect business in the long term

Question 11

What are tactical risks?

Answer 11

Risks that occur on a regular basis

Question 12

What controls help to reduce tactical risks?

Answer 12

Preventative, Directive, Detecting, Corrective

Question 13

What is operational risk?

Answer 13

Risk found in daily operation of business

Question 14

What is a risk matrix?

Answer 14

Way of visualizing likelihood of risks happening in a business

Question 15

What are the 4 ways of risk treatment?

Answer 15

Avoidance, accepting, transfer, mitigation