IT Risk Assessment Flashcards
IT Risk Analysis Goal
Risk analysis estimates the likelihood and impact of Risk Scenarios and helps plan the PRIORITY of Risk Responses.
Risk Register
Enables prioritization and treatment of Risk for the organization.
Delphi Technique
Polling or information gathering done either anonymously or through interviews (questions).
QUALITATIVE ASSESSMENT
Fault Tree Analysis
Combines assessment of human and hardware failures to identify the source of the incident.
Cause and Effect Analysis
Identifies when controls and processes do not operate as intended.
Quantitative Risk Analysis
Derives the probability and impact of risk scenarios from STATISTICAL METHODS and DATA. If you see the use of numbers, think Quantitative.
Risk Scenario Analysis
Includes several Risk Analysis methods including qualitative and quantitative.
Probabilistic Risk Assessments
Mostly used for complex engineering technology; uses both quantitative and qualitative risk analysis.
Maturity Model
Primary reason is to determine the current state and identify the GAP between the current and desired state.
Risk Analysis
Estimates the frequency and magnitude of IT Risks.
Risk Assessment
Identifies and evaluates risk and its effect on critical functions and processes necessary for the business to operate. It is during this phase that it is communicated to decision makers. Risk Scenarios are MOST effective.
Quantitative Risk
Determining probability (likelihood) and impact (consequence) to an asset.
Qualitative Risk Analysis
Using high, medium, and low for likelihood and impact considerations.
Bow Tie Analysis
Conveys risk assessment by displaying links between possible causes, controls, and consequences.
Human Reliability Analysis
Risk Assessment technique that analyzes system exposure to Personnel.