IS 3110 CHAP 5 Flashcards
What can you use to help quantify risks?
- SLE
- ARE
- Risk assessment
- Risk mitigation plan
- All the above
ALL SLE ARE Risk assessment Risk mitigation plan
A risk ___ is a major component of a risk management plan.
Assessment
Risk assessments are a continuous process.
TRUE OR FALSE
FALSE
A ___ ___ ___ uses SLE.
Quantitative risk assessment
What elements are included in a qualitative analysis
- SLE, ALE, ARO
- ALE, ARO, ARP
- Probability and impact
- Threats and vulnerabilities
Probability and impact
What elements are included in a quantitative analysis?
- SLE, ALE, ARE
- ALE, ARO, SAP
- Probability, impact and money
- Threats, vulnerabilities and reputation
SLE, ALE, ARE
Qualitative analysis is more time consuming than quantitative analysis.
TRUE OR FALSE
FALSE
You are trying to decide what type of risk assessment methodology to use. A primary benefit of a ___ risk assessment is that it can be complete quicker than other methods.
Qualitative
You are trying to decide what type of risk assessment methodology to use. A primary benefit of a ___ risk assessment is that it includes details for a cost-benefit analysis.
Quantitative
What must you define when performing a qualitative risk assessment?
- Formulas used for ALE
- Scales used to define probability and impact
- Scales used to define SLE and ALE
- Acceptable levels of risk
Scales used to define probability and impact
A ___ risk assessment is objective. It uses data that can be verified.
Quantitative
A ___ risk assessment is subjective. It relies on the opinions of experts.
Qualitative
One of the challenges facing risk assessments is getting accurate data. What can be included in the risk assessment report to give an indication of the reliability of the data?
- Probability statement
- Accuracy scale
- Validity level
- Uncertainty level
Uncertainty level
You are working on a qualitative risk assessment for your company. You are thinking about the final report. What should you consider when providing the results and recommendations? (Select two)
- Resource allocation
- SLE and ARO
- Risk acceptance
- SLE and ALE
Resource allocation
Risk acceptance
Of the following, what would be considered a best practice when performing risk assessments?
- Start with clear goals and a defined support
- Ensure support of senior management
- Repeat the risk assessment regularly
- Provide clear recommendations
- All of the above
ALL Start with clear goals and a defined support Ensure support of senior management Repeat the risk assessment regularly Provide clear recommendations