Lesson 19 - Summarizing Risk Management Concepts

Question 1

Risk that an event will pose if no controls are put in place to mitigate it.

Answer 1

Inherent risk

Question 2

The response of reducing risk to fit within an organization’s risk appetite.

Answer 2

Risk mitigation (or remediation)

Question 3

In risk mitigation, the response of deploying security controls to reduce the likelihood and/or impact of a threat scenario.

Answer 3

risk deterrence (or reduction)

Question 4

In risk mitigation, the practice of ceasing activity that presents risk.

Answer 4

Avoidance

Question 5

In risk mitigation, the response of moving or sharing the responsibility of risk to another entity, such as by purchasing cybersecurity insurance.

Answer 5

Transference (or sharing)

Question 6

The response of determining that a risk is within the organization’s appetite and no countermeasures other than ongoing monitoring is needed.

Answer 6

Risk Acceptance

Question 7

Risk that remains even after controls are put into place.

Answer 7

residual risk

Question 8

Risk that arises when a control does not provide the level of mitigation that was expected.

Answer 8

Control Risk

Question 9

A document highlighting the results of risk assessments in an easily comprehensible format (such as a “traffic light” grid). Its purpose is for department managers and technicians to understand risks associated with the workflows that they manage.

Answer 9

risk register

Question 10

A graphical table indicating the likelihood and impact of risk factors identified for a workflow, project, or department for reference by stakeholders.

Answer 10

heat map risk matrix

Question 11

A systematic activity that identifies organizational risks and determines their effect on ongoing, mission critical operations.

Answer 11

Business impact analysis (BIA)

Question 12

A business or organizational activity that is too critical to be deferrred for anything more than a few hours, if at all.

Answer 12

mission essential function (MEF)

Question 13

The longest period of time a business can be inoperable without causing irrevocable business failure.

Answer 13

Maximum tolerable downtime (MTD)

Question 14

The length of time it takes after an event to resume normal business operations and activities.

Answer 14

Recovery time objective (RTO)

Question 15

The longest period of time that an organization can tolerate lost data being unrecoverable.

Answer 15

Recovery Point Objective (RPO

Question 16

A component or system that would cause a complete interruption of a service if it failed.

Answer 16

single points of failure (SPoF)

Question 17

The average time a device or component is expected to be in operation.

Answer 17

Mean time to failure (MTTF)

Question 18

The rating on a device or component that predicts the expected time between failures.

Answer 18

mean time between failures (MTBF)

Question 19

The average time taken for a device or component to be repaired, replaced, or otherwise recover from a failure.

Answer 19

Mean time to repair (MTTR)

Question 20

A documented and resourced plan showing actions and responsibilities to be used in response to critical incidents.

Answer 20

Disaster recovery plans (DRPs)

Question 21

The property that defines how closely systems approach the goal of providing data availability 100 percent of the time while maintaining a high level of system performance.

Answer 21

high availability.

Question 22

Protection against system failure by providing extra (redundant) capacity. Generally, fault tolerant systems identify and eliminate single points of failure.

Answer 22

fault tolerant

Question 23

Overprovisioning resources at the component, host, and/or site level so that there is failover to a working instance in the event of a problem.

Answer 23

redundancy

Question 24

A brownout occurs when the power that is supplied by the electrical wall socket is insufficient to allow the computer to function correctly. Brownouts are long sags in power output that are often caused by overloaded or faulty grid distribution circuits or by a failure in the supply route from electrical power station to a building.

Answer 24

brownouts