Quick Tips 3 Flashcards
BLANK can be transferred, avoided, reduced, or accepted.
Risk
Threats × vulnerability × asset value = BLANK.
total risk
(Threats × vulnerability × asset value) × controls gap = BLANK.
residual risk
The main goals of BLANK are the following: identify assets and assign values to them, identify vulnerabilities and threats, quantify the impact of potential threats, and provide an economic balance between the impact of the risk and the cost of the safeguards.
risk analysis
BLANK is a method for determining functions, identifying functional failures, and assessing the causes of failure and their failure effects through a structured process.
Failure Modes and Effect Analysis (FMEA)
A BLANK is a useful approach to detect failures that can take place within complex environments and systems.
fault tree analysis
A BLANK attempts to assign monetary values to components within the analysis.
quantitative risk analysis
A purely quantitative risk analysis is not possible because BLANK cannot be quantified with precision.
qualitative items
Capturing the BLANK when carrying out a risk analysis is important, because it indicates the level of confidence the team and management should have in the resulting figures.
degree of uncertainty
BLANK reduce the amount of manual work involved in the analysis. They can be used to estimate future expected losses and calculate the benefits of different security measures.
Automated risk analysis tools
Single loss expectancy × frequency per year = BLANK.
annualized loss expectancy (SLE × ARO = ALE)
BLANK uses judgment and intuition instead of numbers.
Qualitative risk analysis
BLANK involves people with the requisite experience and education evaluating threat scenarios and rating the probability, potential loss, and severity of each threat based on their personal experience.
Qualitative risk analysis
The BLANK is a group decision method where each group member can communicate anonymously.
Delphi technique
When choosing the right safeguard to reduce a specific risk, the cost, functionality, and effectiveness must be evaluated and a BLANK performed.
cost/benefit analysis