Key Terms 5

Question 1

Assigning monetary and numeric values to all the data elements of a risk assessment.

Answer 1

Quantitative risk analysis

Question 2

Opinion-based method of analyzing risk with the use of scenarios and ratings.

Answer 2

Qualitative risk analysis

Question 3

One instance of an expected loss if a specific vulnerability is exploited and how it affects a single asset. Asset Value × Exposure Factor = BLANK.

Answer 3

Single loss expectancy

Question 4

Annual expected loss if a specific vulnerability is exploited and how it affects a single asset. SLE × ARO = BLANK.

Answer 4

Annualized loss expectancy

Question 5

Assigning confidence level values to data elements.

Answer 5

Uncertainty analysis

Question 6

Data collection method that happens in an anonymous fashion.

Answer 6

Delphi method

Question 7

Calculating the value of a control. (ALE before implementing a control) – (ALE after implementing a control) – (annual cost of control) = value of control.

Answer 7

Cost/benefit analysis

Question 8

BLANK is what a control does, and its BLANK is how well the control does it.

Answer 8

Functionality versus effectiveness of control
Functionality
Effectiveness

Question 9

Full risk amount before a control is put into place. Threats × vulnerabilities × assets = BLANK.

Answer 9

Total risk

Question 10

Risk that remains after implementing a control. Threats × vulnerabilities × assets × (control gap) = BLANK.

Answer 10

Residual risk

Question 11

Accept, transfer, mitigate, avoid

Answer 11

Handling risk