lecture 3

Question 1

COSO ERM framework, every risk management decision either increases, decrease or erodes value:

Answer 1

• Aligning risk appetite
• reducing operational suprises
• enhancing risk response
• identifying and managing multiple and cross enterprise risks
• seizing opportunities
• improving deployment of capital

Question 2

Risk identification

Answer 2

Processes for identifying the risks and opportunities that ccould impact on an organisation

Question 3

risk assessment

Answer 3

the identification and analysis of risks to the achievement of business objectives. it forms a basis for determining how risks should be managed. Includes development of risk treatment strategies

Question 4

Strategic understanding of information value

Answer 4

the strategic objectives, how, why, what information is most critical. value of other information assets

Question 5

risk appetite

Answer 5

is a high level view of how much risk management is willing to accept

Question 6

Risk identification mini steps

Answer 6

Identify information/ICT processes and then develop a set of risk indicators relative to these

Question 7

threat

Answer 7

potential cause of an unwanted incident, which may result in harm to a system or organisation

Question 8

likelihood

Answer 8

the probability of a risk eventuating

Question 9

Consequence

Answer 9

the impact of an adverse change to the level of business objectives achieved

Question 10

existing controls

Answer 10

safeguards and countermeasures in place to manage risk

Question 11

Jacobsons window

Answer 11

Isolates four classes of risk, low-low, high-low

low-high and hihgh-high. these four are easily broken down into either inconsequential or significant risk classes

Question 12

options available for risks

Answer 12

accept = monitor 
avoid = eliminate 
reduce = institute controls 
share = partner with someone

Question 13

Key elements of impact analysis

Answer 13

Assess the degree of harm or loss that can occur as a result of exploitation of vulnerability

Question 14

determining acceptable risk levels

Answer 14

evaluating risks on the basis of the likelihood of and consequences provides two factors that can be used to prioritize risk management

Question 15

Expected value of risk

Answer 15

EVR = estimated loss from specific risk * % likelihood of loss

Question 16

enterprise risk management (effective IT security strategy needs a holistic security conscious enviroment in entire organisation and commitment to:) `

Answer 16

Ensure stakeholders confidence and trust through the integrity of the business and its information assets

• Maintaining the confidentialllity of personal and financial information
• safeguarding sensitive business information from unauthorised disclosure
• ensuring availability to business critical information assets

Question 17

Confidentiality

Answer 17

meaning that the information assets can be accessed and disclosed only by authorised parties

Question 18

integrity

Answer 18

meaning that the information assets can only be modified or deleted by authorised ways, therefore they are always complete and true

Question 19

availability

Answer 19

meaning that the information assets are accessible to the authorised parties in a timely manner

Question 20

non-repudiation

Answer 20

meaning the ability to prove that a sender sent or receiver received a message even if the sense or receiver wishes to deny it later

Question 21

Authenticity

Answer 21

Meaning both genuineness and validility of an information asset

Question 22

privacy

Answer 22

meaning to protect the confidentiality and identity of a user

Question 23

accountability

Answer 23

meaning the ability to audit the level of protection provided for information assets and the ability to identify where the responsibility lies to provide such protection

Question 24

Assurance

Answer 24

meaning the measurement of confidence in the level of protection of an information asset and the degree to which a particular control enforces information security policy requirements