QS0011-03: Risk Analysis

Question 1

QS0011-03: Risk Analysis

What is the meaning of Risk Analysis?

Answer 1

Risk analysis identifies and analyzes potential issues that could negatively impact key business initiatives or projects. This process is done to help organizations avoid or mitigate those risks.

Question 2

QS0011-02: Risk Analysis

Name examples of the tools for measuring risk.

Answer 2

SWOT, fishbone, risk registers, and risk matrices

Question 3

QS0011-02: Risk Analysis

What are the three security objectives?

Answer 3

1. Confidentiality
2. Integrity
3. Availability

Question 4

QS0011-02: Risk Analysis

Which two factors determine the risk level in the Risk Assessment matrix?

Answer 4

The risk matrix is based on two intersecting factors: the likelihood that the risk event will occur and the potential impact the risk event will have on the business.

Question 5

QS0011-02: Risk Analysis

Describe three levels of a potential impact

Answer 5

• *1. Low:** “The potential impact is low if—The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
• *2. Moderate:** “The potential impact is moderate if—The loss of confidentiality, integrity, or availability could be expected to have a severe adverse effect on organizational operations, organizational assets, or individuals.
• *3. High:** “The potential impact is high if—The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.

Question 6

QS0011-02: Risk Analysis

What are the three steps of a Risk Analysis?

Answer 6

1. Risk Assessment
2. Risk Treatment
3. Risk Review

Question 7

What are the steps in the Risk Assessment?

Answer 7

1. Identification
2. Analyze
3. Evaluation

Question 8

What events need to be included in the Risk Review?

Answer 8

1. Change control
2. CAPA/Deviations
3. Security