Lesson 19 - Summarizing Risk Management Concepts Flashcards

1
Q

Risk that an event will pose if no controls are put in place to mitigate it.

A

Inherent risk

2
Q

The response of reducing risk to fit within an organization’s risk appetite.

A

Risk mitigation (or remediation)

3
Q

In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario.

A

risk deterrence (or reduction)

4
Q

In risk mitigation, the practice of ceasing activity that presents risk.

A

Avoidance

5
Q

In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.

A

Transference (or sharing)

6
Q

The response of determining that a risk is within the organization’s appetite and that no countermeasures other than ongoing monitoring are needed.

A

Risk Acceptance

7
Q

Risk that remains even after controls are put into place.

A

residual risk

8
Q

Risk that arises when a control does not provide the level of mitigation that was expected.

A

Control Risk

9
Q

A document highlighting the results of risk assessments in an easily comprehensible format (such as a “traffic light” grid). Its purpose is for department managers and technicians to understand risks associated with the workflows that they manage.

A

risk register

10
Q

A graphical table indicating the likelihood and impact of risk factors identified for a workflow, project, or department for reference by stakeholders.

A

heat map risk matrix

11
Q

A systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.

A

Business impact analysis (BIA)

12
Q

A business or organizational activity that is too critical to be deferred for anything more than a few hours, if at all.

A

mission essential function (MEF)

13
Q

The longest period of time a business can be inoperable without causing irrevocable business failure.

A

Maximum tolerable downtime (MTD)

14
Q

The length of time it takes after an event to resume normal business operations and activities.

A

Recovery time objective (RTO)

15
Q

The longest period of time that an organization can tolerate lost data being unrecoverable.

A

Recovery Point Objective (RPO)

16
Q

A component or system that would cause a complete interruption of a service if it failed.

A

single points of failure (SPoF)

17
Q

The average time a device or component is expected to be in operation.

A

Mean time to failure (MTTF)

18
Q

The rating on a device or component that predicts the expected time between failures.

A

mean time between failures (MTBF)

19
Q

The average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.

A

Mean time to repair (MTTR)

20
Q

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

A

Disaster recovery plans (DRPs)

21
Q

The property that defines how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance.

A

high availability.

22
Q

Protection against system failure by providing extra (redundant) capacity. Generally, fault tolerant systems identify and eliminate single points of failure.

A

fault tolerant

23
Q

Overprovisioning resources at the component, host, and/or site level so that there is failover to a working instance in the event of a problem.

A

redundancy

24
Q

A brownout occurs when the power supplied by the electrical wall socket is insufficient to allow the computer to function correctly. Brownouts are long sags in power output that are often caused by overloaded or faulty grid distribution circuits or by a failure in the supply route from the electrical power station to a building.

A

brownouts