Risk Analysis Flashcards
Risk analysis vocab
Risk register: formal documentation of risk in the organization
Risk Matrix: Heat map of risk vs probability/likelihood
Risk control assessment/self-assessment: a review of vulnerabilities that could put the organization at risk
Risk Awareness: awareness training for employees
Risk appetite: how much risk you are OK with as an organization
Inherent risk: Risk already within the network
Residual risk: ongoing risk to monitor
What is quantitative risk assessment?
Quantitative - measures of the economic impact of the risk, as measured and observed, and the controls to mitigate them
Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) * Annual Rate of Occurrence (ARO)
SLE = asset value * exposure factor
SLE = asset value (AV) * exposure factor (EF)
Asset value (AV) - $$$ amount the asset is worth to the organization
Exposure Factor (EF) - % of loss experienced IF a specific asset were attacked
ALE = SLE * ARO
ALE = \_\_\_\_\_ SLE = \_\_$10.00\_\_($100*10%) ARO = 10
- Countermeasure is less than ALE: Do this
- Countermeasure is equal to ALE: Do this
- Countermeasure is greater than ALE: Think before acting
What is qualitative risk assessment?
Qualitative - measures “tangibles”. The product of likelihood and impact produces the level of risk.
The higher the risk level, the more immediate the need for the organization to address the issue. (Risk Matrix)