Lesson 15 - Risk Management Flashcards
SLE
Single Loss Expectancy
- the amount that would be lost in a single occurrence of a particular risk factor
SLE = asset value * EF
EF
Exposure Factor
- the percentage of the asset value that would be lost in a single occurrence
ARO
Annualized Rate of Occurrence
- an expression of the probability/likelihood of a risk as the number of times per year a particular loss is expected to occur
ALE
Annualized Loss Expectancy
- the total cost of a risk to an organization on an annual basis
ALE = SLE * ARO
ERM
Enterprise Risk Management
- the comprehensive process of evaluating, measuring, and mitigating the many risks that pervade an organization
RCA
Root Cause Analysis
- a systematic process to identify the underlying causes of incidents, allowing organizations to address those causes and prevent future occurrences
RCSA
Risk and Control Self-Assessment
- a framework for identifying, assessing, and mitigating operational risks, including those related to cybersecurity, by evaluating the effectiveness of existing controls and identifying gaps.
KRI
Key Risk Indicators
- method by which emerging risks are identified and analyzed so that changes can be adopted to proactively prevent issues from occurring
BPA
Business Process Analysis
- systematically examining and evaluating business processes to identify vulnerabilities and improve security by optimizing workflows and identifying areas for improvement
BIA
Business Impact Analysis
- systematic activity that identifies organizational risks and determines their effect on ongoing, mission-critical operations
MEF
Mission Essential Function
- business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all
PBF
Primary Business Function
- functions that act as support for the business or an MEF, but are not critical in themselves
MTD
Maximum Tolerable Downtime
- the longest period that a process can be inoperable without causing irrevocable business failure
RTO
Recovery Time Objective
- the maximum time allowed to restore a system after a failure event
WRT
Work Recovery Time
- in disaster recovery, the time needed, in addition to the RTO of the individual systems, to reintegrate and test a restored or upgraded system following an event
RPO
Recovery Point Objective
- the longest period that an organization can tolerate lost data being unrecoverable
MTBF
Mean Time Between Failures
- metric for a device or component that predicts the expected time between failures
MTBF = total operational time / number of failures
MTTR
Mean Time to Repair
- metric representing average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure
MTTR = total number of hours of unplanned maintenance / number of incident failures
GRC
Governance, Risk, and Compliance
- a framework that helps organizations align IT strategy with business objectives, manage risks, and ensure compliance with regulations, ultimately enhancing digital asset protection and operational integrity
MOU
Memorandum of Understanding
- a non-binding agreement that outlines the intentions, shared goals, and general terms of cooperation between parties
NDA
Nondisclosure Agreement
- a binding agreement that ensures the confidentiality and protection of sensitive information shared during the relationship
MOA
Memorandum of Agreement
- a formal agreement that defines the parties’ specific terms, conditions, and responsibilities
BPA
Business Partnership Agreement
- governs long-term strategic partnerships between organizations
MSA
Master Service Agreement
- outlines the overall terms and conditions of a specific contract, such as provisioning cloud resources, or ticketing/help desk support
SLA
Service-Level Agreement
- defines the specific performance metrics, quality standards, and service levels expected from the vendor.
OSINT
Open-Source Intelligence