Lot 6 Flashcards
Risk analysis - The initial steps of risk management: analyzing the value of assets to the business, identifying threats to those assets, and evaluating how vulnerable each asset is to those threats. It often involves an evaluation of the probable frequency of a particular event, as well as the probable impact of that event.
Risk appetite - The amount of risk, on a broad level, that an entity is willing to accept in pursuit of its mission.

Risk assessment - A process used to identify and evaluate risk and potential effects. Risk assessment includes assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure, and evaluating the cost for such control. Risk analysis often involves an evaluation of the probabilities of a particular event.

Risk avoidance - The process for systematically avoiding risk, constituting one approach to managing risk.

Risk mitigation - The management and reduction of risk through the use of countermeasures and controls.

Risk tolerance - The acceptable level of variation that management is willing to allow for any particular risk while pursuing its objective.

Risk transfer - The process of assigning risk to another organization, usually through the purchase of an insurance policy or outsourcing the service.

Role-based access control - Assigns users to job functions or titles. Each job function or title defines a specific authorization level.

Segregation/Separation of duties (SoD) - A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals the responsibility for initiating and recording transactions and for the custody of assets. Segregation/separation of duties is commonly used in large IT organizations so that no single person is in a position to introduce fraudulent or malicious code without detection.

Sensitivity - A measure of the impact that improper disclosure of information may have on an organization.