Lesson 15 - Risk Management Flashcards

1
Q

SLE

A

Single Loss Expectancy
- the amount that would be lost in a single occurrence of a particular risk factor
SLE = amount * EF

2
Q

EF

A

Effective Factor
- the percentage of the asset value that would be lost

3
Q

ARO

A

Annualized Rate of Occurrence
- an expression of the probability/likelihood of a risk as the number of times per year a particular loss is expected to occur

4
Q

ALE

A

Annualized Loss Expectancy
- the total cost of a risk to an organization on an annual basis
ALE = SLE * ARO

5
Q

ERM

A

Enterprise Risk Management
- the comprehensive process of evaluating, measuring, and mitigating the many risks that pervade an organization

6
Q

RCA

A

Risk Control Assessment
- a systematic process to identify the underlying causes of incidents, allowing organizations to address these issues and prevent future occurrences

6
Q

RCSA

A

Risk and Control Self-Assessment
- a framework for identifying, assessing, and mitigating operational risks, including those related to cybersecurity, by evaluating the effectiveness of existing controls and identifying gaps.

7
Q

KRI

A

Key Risk Indicators
- method by which emerging risks are identified and analyzed so that changes can be adopted to proactively avoid issues from occurring

8
Q

BPA

A

Business Process Analysis
- systematically examining and evaluating business processes to identify vulnerabilities and improve security by optimizing workflows and identifying areas for improvement

9
Q

BIA

A

Business Impact Analysis
- systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations

10
Q

MEF

A

Mission Essential Function
- business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all

11
Q

PBF

A

Primary Business Function
- functions that act as support for the business or an MEF, but are not critical in themselves

12
Q

MTD

A

Maximum Tolerable Downtime
- the longest period that a process can be inoperable without causing irrevocable business failure

13
Q

RTO

A

Recovery Time Objective
- the maximum time allowed to restore a system after a failure event

14
Q

WRT

A

Work Recovery Time
- in disaster recovery, time additional to RTO of individual systems to perform reintegration and testing of a restored or upgraded system following an event

15
Q

RPO

A

Recovery Point Objective
- the longest period that an organization can tolerate lost data being unrecoverable

16
Q

MTBF

A

Mean Time Before Failures
- metric for a device or component that predicts the expected time between failures
MTBF = total operational time / number of failures

17
Q

MTTR

A

Mean Time to Repair
- metric representing average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure
MTTR = total number of hours of unplanned maintenance / number of incident failures

18
Q

GRV

A

Governance, Risk, and Compliance
- a framework that helps organizations align IT strategy with business objectives, manage risks, and ensure compliance with regulations, ultimately enhancing digital asset protection and operational integrity

19
Q

MOU

A

Memorandum of Agreement
- a non-binding agreement that outlines the intentions, shared goals, and general terms of cooperation between parties

20
Q

NDA

A

Nondisclosure Agreement
- a binding agreement that ensures the confidentiality and protection of sensitive information shared during the relationship

21
Q

MOA

A

Memorandum of Agreement
- a formal agreement that defines the parties’ specific terms, conditions, and responsibilities

22
Q

BPA

A

Business Partnership Agreement
- governs long-term strategic partnerships between organizations

23
Q

MSA

A

Master Level Agreement
- outlines the overall terms and conditions of a specific contract, such as provisioning cloud resources, or ticketing/help desk support

24
Q

SLA

A

Service-Level Agreement
- defines the specific performance metrics, quality standards, and service levels expected from the vendor.

25
Q

OSINT

A

Open-Source Intelligence