Risk Assessment Flashcards
What is Risk Assessment in security?
The process used to identify how much risk exists in a network or system.
What is Risk?
The probability that a threat will occur.
What are Vulnerabilities?
A weakness in the design or implementation of a system. Vulnerabilities are within your control.
What is a Threat?
Any condition that could cause harm, loss, damage, or compromise in our IT systems. Threats come from external sources such as natural disasters, cyber attackers, data breaches, disclosure of confidential information, or issues that may arise during daily operations. Threats are external and beyond your control.
What can we do about risk?
There are a few general strategies.
Risk Avoidance is a strategy that requires you to stop the risky activity or choose a less risky alternative.
Risk Mitigation is a strategy that seeks to minimize the risk to an acceptable level.
Risk Transfer is a strategy that shifts the risk to a third party, usually through insurance.
Risk Acceptance is a strategy that accepts the risks because of the cost/benefit analysis.
What is Residual Risk?
The remaining risk after trying to avoid, transfer, or mitigate the risk.
How do you conduct a risk assessment?
Identify Assets
Identify Vulnerabilities (Vulnerability Assessment, Vulnerability Scan, Penetration Test)
Identify Threats
Identify the Impact of the risks occurring