Risk Flashcards
___ is typically defined as the objective magnitude or amount of loss that an enterprise can tolerate without risking its continued existence.
Risk Capacity
___ is typically defined as the amount of risk, on a broad level, that an enterprise or other entity is willing to accept in pursuit of its mission (or vision) and the achievement of business objectives.
Risk appetite
What are the 3 lines of defense of risk?
1- Managing risk
2- Guiding, directing, influencing and/or assessing risk
3- Independent oversight, reviewing and monitoring risk
What does RACI mean?
Responsible
Accountable
Consulted
Informed
Who's RACI to: collect risk data? (Senior Management, Steering committee (chair), Department Managers, Risk Practitioners)
Senior Management - I
Steering committee (chair) - R
Department Managers - C
Risk Practitioners - R
Who's RACI to: deliver the risk report (not use all)? (Senior Management, Steering committee (chair), Department Managers, Risk Practitioners)
Senior Management - I
Steering committee (chair) - A
Department Managers - I
Risk Practitioners - R
Who's RACI to: prioritize risk response? (Senior Management, Steering committee (chair), Department Managers, Risk Practitioners)
Senior Management - A
Steering committee (chair) - I
Department Managers - R
Risk Practitioners - C
Who's RACI to: monitor risk? (Senior Management, Steering committee (chair), Department Managers, Risk Practitioners)
Senior Management - I
Steering committee (chair) - A
Department Managers - R
Risk Practitioners - C
I&T-related risk arises because of:
Ownership
Use
Operation
Involvement
Influence
Adoption
Types of I&T risk
Benefit/value enablement risk
Program and project delivery risk
IT operations and service-delivery risk
Cyber and information security risk
The IT risk management workflow is:
1- Context setting
2- Identification of assets and common risk factors, and documenting risk
3- Assessment. Assess and prioritize risk by creating risk scenarios
4- Analysis. Qualitative and quantitative analysis of impact and probability
5- Response and mitigation
6- Monitoring, reporting and communicating to senior management
The 3 levels of risk are:
A) Operational
B) Program and project (risk to the business's strategic objectives)
C) Strategic
Managerial (administrative) controls are
Related to the oversight, reporting, procedures and operations of a process.
Cyber and information security risk is related to
The danger, harm or loss related to the use of information and communications technology, electronic data and digital or electronic communications.
Exploit is
An event where an attacker takes advantage of a vulnerability.
Likelihood is
The probability of something happening
Magnitude is
A measure of the potential severity of loss or the potential gain from realized events/scenarios.
What covers the following:
Simulates attacks
Can be covert
Confirms exposures
Penetration testing
What covers the following:
Can be manual or automated
Examines target environment
Identifies outdated equipment
Vulnerability Assessment
Which of the following is the process to determine the significance of the risk?
a) Risk Evaluation
b) Risk assessment
c) Risk analysis
a) Risk Evaluation
Which is NOT one of the processes involved in the risk assessment process?
A) Documenting
B) Aligning
C) Ranking
B) Aligning
_____ is a measure of operating performance and efficiency, computed in its simplest form by dividing net income by the total investment over the period being considered.
a) Cost-benefit
b) Return on investment
c) Net present value
d) Return on equity
b) Return on investment
Risk responses that involve investment need to be reinforced by a thorough and detailed business case, which includes all of the following except:
A) Justifies the expense of the investment
B) Explains the rationale for the selected response
C) Provides a plan for continued support
D) Outlines alternatives
D) Outlines alternatives