MODULE 2 PRELIM Flashcards
is the process of identifying, assessing, and prioritizing risks followed by coordinated efforts to minimize, monitor, and control the probability or impact of unfortunate events.
RISK MANAGEMENT
KEY ELEMENTS OF RISK MANAGEMENT
- RISK IDENTIFICATION
- RISK ASSESSMENT
- RISK MITIGATION
- RISK MONITORING AND REVIEW
TYPES OF RISKS IN AN ORGANIZATION
- OPERATIONAL RISKS
- FINANCIAL RISKS
- REPUTATIONAL RISKS
- COMPLIANCE RISKS
- CYBERSECURITY RISKS
Failure of internal processes, systems, or human error.
OPERATIONAL RISKS
Economic uncertainties, cash flow issues, and market volatility.
FINANCIAL RISKS
Damage to brand or public perception.
REPUTATIONAL RISKS
Violating laws, regulations, or industry standards.
COMPLIANCE RISKS
Data breaches, hacking, and cyber-attacks.
CYBERSECURITY RISKS
A _______ is a set of rules and guidelines that govern how an organization protects its assets, data, and systems from unauthorized access or attacks.
SECURITY POLICIES
Implementing firewalls, encryption, and access controls. Conducting regular security audits and penetration tests.
PROACTIVE MEASURES
Incident response protocols and post-breach investigations. Data breach notification and recovery strategies.
REACTIVE MEASURES
Standards provide specific technical and procedural measures to ensure security practices are followed uniformly across organizations.
SECURITY STANDARDS
EXAMPLE OF SECURITY STANDARDS
- ISO/IEC 27001
- NIST CYBERSECURITY FRAMEWORK
- PCI-DSS
- HIPAA
INTERNATIONAL STANDARDIZATION FOR ORGANIZATIONS
INTERNATIONAL ELECTROTECHNICAL COMMISSION
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD
INSURANCE PORTABILITY AND ACCOUNTABILITY ACT