Lecture 2 Flashcards


1
Q

risk management

A

Aims to accept risks that make sense to take and reduce unacceptable risks
(resolving obstacles)

2
Q

Risk management process

A
  1. Assess risks
  2. identify risks to manage
  3. select controls
  4. implement and test controls
  5. evaluate controls
3
Q

risk identification process

A
  1. identify threats
  2. identify vulnerabilities
  3. estimate likelihood of a threat exploiting vulnerability
4
Q

threat

A

Any circumstance or event with the potential to adversely impact organisational operations, assets, individuals or the nation via unauthorized access, destruction, disclosure or modification of information and/or denial of service

5
Q

Vulnerability

A

Weaknesses in an information system, its security procedures, internal controls or implementation that could be exploited by a threat source

6
Q

Asset

A

any information resource valued by the organisation

7
Q

Top 10 threats to information security

A
  1. Technology with weak security
  2. Social media attacks
  3. Social engineering
  4. Mobile malware
  5. Third party entry
  6. Neglecting proper configuration
  7. Outdated security software
  8. Lack of encryption
  9. Corporate data on personal devices
  10. Security technology
8
Q

Types of information risks

A
  1. IS business risk
  2. IS security risk
  3. IS/business continuity risk
  4. IS/IT audit risk
    (Inherent risk, control risk, detection risk)
9
Q

IS business risk

A

Likelihood that a business will not achieve its business goals and objectives

10
Q

Information security risks

A

Includes risks associated with the confidentiality, integrity and availability of (including access to) information

11
Q

IS/business continuity risk

A

That the information required to meet business needs is available;
includes risks associated with information systems availability and backup and recovery

12
Q

IS/IT audit risk

A

Likelihood that an organisation's external auditor makes a mistake when issuing an opinion attesting to the fairness of its financial statements, or that an IT auditor fails to uncover a material error or fraud

13
Q

The measure of IS/IT audit risks

A

Audit risk = Inherent risk × Control risk × Detection risk
