Information risk Flashcards
What is OSINT?
Open source intelligence gathering
Publicly available information from different sources is gathered and used for research
What are the three types of vulnerabilities?
Technical, Physical, Administrative/procedural
Risk =
Impact * likelihood
What ISO standard deals with risk management?
ISO27005 and ISO3100 series
What are the four stages of risk management?
Identification, analysis, treatment, monitoring
What is risk capacity?
Maximum amount of risk a business can take before viability is affected
What is risk appetite?
Amount of risk a business is willing to accept during its mission - lower than capacity
What is risk acceptance?
Lowest level of risk a business accepts on a daily basis after treatment has been done
What is risk tolerance?
Amount of risk a business can accept if risk was a little more than risk appetite, AKA wriggle room
What are strategic risks?
Risks that affect business in the long term
What are tactical risks?
Risks that occur on a regular basis
What controls help to reduce tactical risks?
Preventative, Directive, Detecting, Corrective
What is operational risk?
Risk found in daily operation of business
What is a risk matrix?
Way of visualizing likelihood of risks happening in a business
What are the 4 ways of risk treatment?
Avoidance, accepting, transfer, mitigation