Key Terms 5 Flashcards
Assigning monetary and numeric values to all the data elements of a risk assessment.
Quantitative risk analysis
Opinion-based method of analyzing risk with the use of scenarios and ratings.
Qualitative risk analysis
One instance of an expected loss if a specific vulnerability is exploited and how it affects a single asset. Asset Value × Exposure Factor = BLANK.
Single loss expectancy
Annual expected loss if a specific vulnerability is exploited and how it affects a single asset. SLE × ARO = BLANK.
Annualized loss expectancy
Assigning confidence level values to data elements.
Uncertainty analysis
Data collection method that happens in an anonymous fashion.
Delphi method
Calculating the value of a control. (ALE before implementing a control) – (ALE after implementing a control) – (annual cost of control) = value of control.
Cost/benefit analysis
BLANK is what a control does, and its BLANK is how well the control does it.
Functionality versus effectiveness of control
Functionality
Effectiveness
Full risk amount before a control is put into place. Threats × vulnerabilities × assets = BLANK.
Total risk
Risk that remains after implementing a control. Threats × vulnerabilities × assets × (control gap) = BLANK.
Residual risk
Accept, transfer, mitigate, avoid
Handling risk