IS 3110 CHAP 5 Flashcards

1
Q

What can you use to help quantify risks?

  1. SLE
  2. ARE
  3. Risk assessment
  4. Risk mitigation plan
  5. All the above
A
ALL
 SLE
 ARE
 Risk assessment
 Risk mitigation plan
2
Q

A risk ___ is a major component of a risk management plan.

A

Assessment

3
Q

Risk assessments are a continuous process.

TRUE OR FALSE

A

FALSE

4
Q

A ___ ___ ___ uses SLE.

A

Quantitative risk assessment

5
Q

What elements are included in a qualitative analysis?

  1. SLE, ALE, ARO
  2. ALE, ARO, ARP
  3. Probability and impact
  4. Threats and vulnerabilities
A

Probability and impact

6
Q

What elements are included in a quantitative analysis?

  1. SLE, ALE, ARE
  2. ALE, ARO, SAP
  3. Probability, impact and money
  4. Threats, vulnerabilities and reputation
A

SLE, ALE, ARE

7
Q

Qualitative analysis is more time consuming than quantitative analysis.
TRUE OR FALSE

A

FALSE

8
Q

You are trying to decide what type of risk assessment methodology to use. A primary benefit of a ___ risk assessment is that it can be completed more quickly than other methods.

A

Qualitative

9
Q

You are trying to decide what type of risk assessment methodology to use. A primary benefit of a ___ risk assessment is that it includes details for a cost-benefit analysis.

A

Quantitative

10
Q

What must you define when performing a qualitative risk assessment?

  1. Formulas used for ALE
  2. Scales used to define probability and impact
  3. Scales used to define SLE and ALE
  4. Acceptable levels of risk
A

Scales used to define probability and impact

11
Q

A ___ risk assessment is objective. It uses data that can be verified.

A

Quantitative

12
Q

A ___ risk assessment is subjective. It relies on the opinions of experts.

A

Qualitative

13
Q

One of the challenges facing risk assessments is getting accurate data. What can be included in the risk assessment report to give an indication of the reliability of the data?

  1. Probability statement
  2. Accuracy scale
  3. Validity level
  4. Uncertainty level
A

Uncertainty level

14
Q

You are working on a qualitative risk assessment for your company. You are thinking about the final report. What should you consider when providing the results and recommendations? (Select two)

  1. Resource allocation
  2. SLE and ARO
  3. Risk acceptance
  4. SLE and ALE
A

Resource allocation

Risk acceptance

15
Q

Of the following, what would be considered a best practice when performing risk assessments?

  1. Start with clear goals and a defined support
  2. Ensure support of senior management
  3. Repeat the risk assessment regularly
  4. Provide clear recommendations
  5. All of the above
A
ALL
 Start with clear goals and a defined support
 Ensure support of senior management
 Repeat the risk assessment regularly
 Provide clear recommendations
16
Q

The total expected loss from a given risk over one year. It is calculated by multiplying SLE × ARO, and it is part of a quantitative risk assessment.

A

Annual loss expectancy (ALE)

17
Q

The number of times a loss from a given threat is expected to occur in a year. It is multiplied by the SLE to calculate the ALE and is part of a quantitative risk assessment.

A

Annualized rate of occurrence (ARO)

18
Q

The amount of the loss resulting from a threat exploiting a vulnerability. The loss can be expressed in monetary terms or as a relative value. It identifies the severity of the loss and is derived from the opinions of experts.

A

Impact

19
Q

Used in qualitative risk assessment. It refers to the likelihood that a risk will occur. A risk occurs when a threat exploits a vulnerability. It is derived from the opinions of experts.

A

Probability

20
Q

A subjective method used for RAs. It uses relative values based on opinions from experts. It can be completed quickly and does not have predefined formulas.

A

Qualitative Risk assessment

21
Q

An objective method used for RAs. It uses numbers such as actual dollar values. It requires a significant amount of data that can sometimes be difficult to obtain. The data is then entered into a formula.

A

Quantitative Risk assessment

22
Q

This is an acronym for redundant array of independent disks. It is also called redundant array of inexpensive disks. Multiple disks are used together to provide fault tolerance. A fault can occur with a disk and the system can tolerate it and continue to operate.

A

RAID (redundant array of independent disks)

23
Q

A process used to identify and evaluate risks based on an analysis of threats and vulnerabilities to assets. Risks are quantified based on their importance or impact severity and can then be prioritized.

A

Risk assessment (RA)

24
Q

Another term for a control. Safeguards are used to mitigate risk. They can mitigate the risk by reducing the impact of the threat, or by reducing the vulnerabilities.

A

Safeguard

25
Q

The actual cost of a control. This data can be used to complete a cost-benefit analysis.

A

Safeguard value

26
Q

The total loss resulting from a single incident. It is expressed as a dollar value and includes the value of hardware, software, and data. It is used to help calculate ALE (ALE = SLE × ARO). It is part of a quantitative risk assessment.

A

Single loss expectancy (SLE)

27
Q

The failure of any single component that can result in the total loss of a system. It is typically addressed by adding redundancy. For example, a disk drive can be protected with a RAID configuration. In addition, failover clusters remove servers as a point of failure.

A

Single point of failure (SPOF)

28
Q

A method of indicating the accuracy of data. Data consistency is evaluated to determine a level of certainty. The uncertainty level is then calculated as 100 minus the percentage of certainty.

A

Uncertainty level