Refsdal Ch2 Flashcards
Risk
The likelihood of an incident and its consequence for an asset
Incident
An event that harms or reduces the value of an asset
Asset
Anything of value to a party
Party
An organization, company, person, group or other body on whose behalf a risk assessment is conducted
Likelihood
The chance of something to occur
Consequence
The impact of an incident on an asset in terms of harm or reduced asset value
Risk level
The magnitude of a risk as derived from its likelihood and consequence
Risk management
comprises coordinated activities to direct and control an organization with regard to risk
Risk assessment process
Step 1: Context establishment; Step 2: Risk identification; Step 3: Risk analysis; Step 4: Evaluation; Step 5: Risk treatment
The target of assessment
is the parts and aspects of the system that are the subject of the risk assessment
A system
is a set of related entities that forms an integrated whole and has a boundary to its surroundings
A vulnerability
A weakness, flaw or deficiency that can be exploited by a threat to cause harm to an asset
A threat
is an action or event that is caused by a threat source and that may lead to an incident
A threat source
is the potential cause of an incident
Risk identification questions
What are the threat sources?
What are the threats?
What are the risks?
What are the vulnerabilities?