Lesson 19 + 20 Summarizing Risk Management Concepts

Question 1

Risk management

Answer 1

Risk management is a process for identifying, assessing, and mitigating vulnerabilities and threats to the essential functions that a business must perform to serve its customers

Question 2

Likelihood of occurrence

Answer 2

Likelihood of occurrence is the probability of the threat being realized.

Question 3

Impact

Answer 3

Impact is the severity of the risk if realized as a security incident.

Some factors are such as the value of the asset or the cost of disruption if the asset is compromised.

Question 4

External threat actors

Answer 4

External threat

Natural disasters, such as the COVID-19 pandemic, illustrate the need to have IT systems and workflows that are resilient to widespread dislocation.

The most critical type of impact is one that could lead to loss of life or critical injury.

Question 5

Internal risks

Answer 5

Internal risks come from assets and workflows that are owned and managed by your organization.

Question 6

Multiparty risk

Answer 6

Multiparty risk is where an undesirable event impacts multiple organizations.

Multiparty risk usually arises from supplier relationships. If a critical event disrupts a supplier or customer, then your own organization will suffer.

Question 7

IP Theft: Intellectual property (IP)

Answer 7

IP Theft:

Intellectual property (IP) is data of commercial value that is owned by the organization.

This can mean copyrighted material for retail (software, written work, video, and music) and product designs and patents. If IP data is exfiltrated it will lose much of its commercial value

Question 8

Quantitative risk assessment

Answer 8

Quantitative risk assessment aims to assign concrete values to each risk factor.

Question 9

Single Loss Expectancy (SLE)

Answer 9

Single Loss Expectancy (SLE)

Amount that would be lost in a single occurrence of the risk factor.

Exposure Factor (EF) is the percentage of the asset value that would be lost.

Question 10

Annualized Loss Expectancy (ALE)

Answer 10

Annualized Loss Expectancy (ALE)

Amount that would be lost over the course of a year.

Question 11

Annualized Rate of Occurrence (ARO)

Answer 11

The probability that a risk will occur in a particular year

Question 12

Qualitative risk assessment

Answer 12

Qualitative risk assessment - identifying significant risk factors.

Question 13

Inherent risk

Answer 13

Inherent risk is the level of risk before any type of mitigation has been attempted.

Question 14

Risk posture

Answer 14

Risk posture shows which risk response options can be identified and prioritized

Question 15

Risk mitigation

Answer 15

Risk mitigation (or remediation) is the overall process of reducing exposure to or the effects of risk factors.

Question 16

risk deterrence (or reduction)

Answer 16

risk deterrence (or reduction):

If you deploy a countermeasure that reduces exposure to a threat or vulnerability.

Question 17

Risk Avoidance and Risk Transference

Answer 17

Avoidance means that you stop doing the activity that is risk-bearing.

Transference (or sharing) means assigning risk to a third party, such as an insurance company or a contract with a supplier that defines liabilities.

Question 18

Risk Acceptance and Risk Appetite

Answer 18

Risk acceptance (or tolerance) means that no countermeasures are put in place either because the level of risk does not justify the cost or because there will be unavoidable delay before the countermeasures are deployed.

Question 19

residual risk

Answer 19

residual risk is the likelihood and impact after specific mitigation, transference, or acceptance measures have been applied

Question 20

Control risk

Answer 20

Control risk is a measure of how much less effective a security control has become over time.

Question 21

risk register

Answer 21

risk register is a document showing the results of risk assessments in a clear format

Question 22

Business impact analysis (BIA)

Answer 22

Business impact analysis (BIA) is the process of assessing what losses might occur for a range of threat scenarios.

Question 23

business continuity planning (BCP)

Answer 23

business continuity planning (BCP) identifies controls and processes that enable an organization to maintain critical workflows in the face of some adverse event.

Question 24

continuity of operations planning (COOP)

Answer 24

continuity of operations planning (COOP) refers to the same sorts of activities when undertaken by a government agency, rather than a business.

Question 25

mission essential function (MEF)

Answer 25

mission essential function (MEF) is one that cannot be put off.

This means that the organization must be able to perform the function as close to continually as possible, and if there is any service disruption, the mission essential functions must be restored first.

Question 26

Maximum tolerable downtime (MTD)

Answer 26

Maximum tolerable downtime (MTD)

longest period of time that a business function outage may occur for without causing irrecoverable business failure

Question 27

Recovery time objective (RTO)

Answer 27

Recovery time objective (RTO)

the period following a disaster that an individual IT system may remain offline.

Question 28

Work Recovery Time (WRT)

Answer 28

Work Recovery Time (WRT)

Following systems recovery, there may be additional work to reintegrate different systems, test overall functionality, and brief system users on any changes or different working practices so that the business function is again fully supported

Question 29

Recovery Point Objective (RPO)

Answer 29

Recovery Point Objective (RPO)

Amount of data loss that a system can sustain. That is, if a database is destroyed by a virus, an RPO of 24 hours means that the data can be recovered (from a backup copy) to a point not more than 24 hours before the database was infected.

Question 30

Identification of Critical Systems

Answer 30

Identification of Critical Systems

• People (employees, visitors, and suppliers).
• Tangible assets (buildings, furniture, equipment and machinery, ICT (information communication technology) equipment, electronic data files, and paper documents).
• Intangible assets (ideas, commercial reputation, bran, etc)
• Procedures (supply chains, critical procedures, SOP).

Question 31

business process analysis (BPA). The BPA should identify the following factors:

Answer 31

business process analysis (BPA). The BPA should identify the following factors:

• Inputs—the sources of information for performing the function (including the impact if these are delayed or out of sequence).
• Hardware—the particular server or data center that performs the processing.
• Staff and other resources supporting the function.
• Outputs—the data or resources produced by the function.
• Process flow—a step-by-step description of how the function is performed.

Question 32

MTTF

Answer 32

MTTF should be used for non-repairable assets.

Hard drive may be described with an MTTF, (Life Span)

While a server (which could be repaired by replacing the hard drive) would be described with an MTBF.

Question 33

Mean time to repair (MTTR)

Answer 33

Mean time to repair (MTTR) is a measure of the time taken to correct a fault so that the system is restored to full operation.

Question 34

internal disaster

Answer 34

An internal disaster is one that is caused by malicious activity or by accident by an employee or contractor—anyone or anything whose presence within the company or organization has been authorized.

Question 35

external disaster

Answer 35

external disaster events are caused by threat actors who have no privileged access.

External disaster includes disasters that have an impact on the organization through wider environmental or social impacts, such as disruption of public services or impacts to the supply chain.

Question 36

person-made disaster

Answer 36

A person-made disaster event is one where human agency is the primary cause.

Typical examples other than devastating cybersecurity incidents include terrorism, war, vandalism, pollution, and arson.

There can also be accidental person-made disasters, such as cutting through power or telecoms cabling.

Question 37

Disaster recovery plans (DRPs)

Answer 37

Disaster recovery plans (DRPs)

specific procedures to follow to recover a system or site to a working state following a disaster-level event.

Question 38

99s

Availability to downtime

Answer 38

99. 9999% - 30 seconds downtime
100. 999% - 5 min downtime
101. 99% - 50 min downtime
102. 9% - 9 hours downtime
103. 9% - 87 hours down time

Question 39

Scalability

Answer 39

Scalability is the capacity to increase resources to meet demand within similar cost ratios.

two types of scalability:

• To scale out is to add more resources in parallel with existing resources.
• To scale up is to increase the power of existing resources.

Question 40

Elasticity

Answer 40

Elasticity refers to the system’s ability to handle these changes on demand in real time.

A system with high elasticity will not experience loss of service or performance if demand suddenly increases rapidly.

Question 41

power distribution unit (PDU)

Answer 41

power distribution unit (PDU):

These come with circuitry to “clean” the power signal, provide protection against spikes, surges, and brownouts, and can integrate with uninterruptible power supplies (UPSs).

Managed PDUs support remote power monitoring functions

Question 42

uninterruptible power supply (UPS)

Answer 42

uninterruptible power supply (UPS) will provide a temporary power source in the event of a blackout

Question 43

RAID (Redundant Array of Independent Disks)

Answer 43

RAID 0 – striping
RAID 1 – mirroring
RAID 5 – striping with parity
RAID 6 – striping with double parity
RAID 10 – combining mirroring and striping

Question 44

Disk Redundancy

Multipath

Answer 44

multipath is focused on the bus between the server and the storage devices or RAID array.

A storage system is accessed via some type of controller

Question 45

Geographical dispersal

Answer 45

Geographical dispersal refers to data replicating hot and warm sites that are physically distant from one another.

This means that data is protected against a natural disaster wiping out storage at one of the sites. This is also described as a geo-redundant solution

Question 46

Asynchronous and Synchronous Replication

Answer 46

Synchronous replication is designed to write data to all replicas simultaneously.

Asynchronous replication writes data to the primary storage first, then copies data to the replicas at scheduled intervals.

Question 47

On-Premises versus Cloud

Answer 47

This cost is one of the big drivers of cloud services, where local and geographic redundancy are built into the system, if you trust the CSP to operate the cloud effectively.

Question 48

Differential backup

Answer 48

Differential backup – from last FULL backup, includes all files changed since last full backup -> Only last full backup needed for restore.

Only needs two tapes sets for restoration, it is faster than incremental.

Question 49

Incremental backup

Answer 49

Incremental backup – from last backup, includes files changed during the day -> all previous backups needed to restore.

This type of backup can save backup time but be more time consuming when restoration is needed

Question 50

Nonpersistence

Answer 50

Nonpersistence means that any given instance is completely static in terms of processing function.

Mechanisms for ensuring nonpersistence:

• Snapshot/revert to known state—this is a saved system state that can be reapplied to the instance.
• Rollback to known configuration—a physical instance might not support snapshots but has an “internal” mechanism for restoring the baseline system configuration, such as Windows System Restore.
• Live boot media—another option is to use an instance that boots from read-only storage to memory rather than being installed on a local read/write hard disk.

Question 51

change control process

Answer 51

change control process

Used to request and approve changes in a planned and controlled way.

Question 52

Change Management

Answer 52

Change Management

Implementation of changes should be carefully planned, with consideration for how the change will affect dependent components.

Question 53

Layered security

Answer 53

Layered security is typically seen as improving cybersecurity resiliency because it provides defense in depth.

The idea is that to fully compromise a system, the attacker must get past multiple security controls, providing control diversity.

Question 54

Active defense

Answer 54

Active defense means an engagement with the enemy, deploying decoy assets to act as bait/lure.

Question 55

honeypot/honeynet/honeyfile

Answer 55

honeypot is a computer system set up to attract threat actors,

honeynet is an entire decoy network.

honeyfile is fake data