Risk Assessment 5.3 Flashcards

1
Q

Threat Assessments

A

You need to take into account the possibility of natural phenomena such as earthquakes, severe weather, hurricanes, tornadoes, etc. Additionally, consider the possibility of man-made threats, internal or external: internal threats such as employees, and external threats such as outside organizations.

2
Q

Quantitative Risk Calculation

A

Annualized Rate of Occurrence (ARO). How likely is it that a hurricane will hit?

Single Loss Expectancy (SLE). What is the monetary loss if a single event occurs? A stolen laptop is about $1000 for example.

Annual Loss Expectancy (ALE). Your final calculation is your ARO * SLE.

There is also a qualitative effect.

3
Q

Evaluating Risk

A

Every project has a plan along with a risk. Identify and document the risks associated with each step. Apply possible solutions to the identified risks and monitor your results. You may also need to evaluate the risk of your supply chain. Usually you have third parties to work with, and that also needs to be taken into account. You have to look at their IT systems!

4
Q

Qualitative Risk Assessment

A

Identify risk factors. Ask opinions about the significance of each risk.

Impact
Annualized Rate of Occurrence (ARO)
Cost of Controls
Overall Risk

5
Q

Business Impact Analysis

A

Define the important business objectives. What is impacted? Revenue, legal issues, customer service?

How long will you be impacted? What is the impact’s bottom line?

6
Q

Testing For Risk

A

Many servers contain sensitive data. Running vulnerability and penetration tests can cause outages. Getting formal authorization for running these tests first is the best practice.

7
Q

Risk Response Techniques

A

Risk avoidance is the ideal way to avoid risk; however, this isn’t generally possible. We have to accept that there are risks that we have to take. That being said, we can mitigate some of the risk. Additionally, we have insurance.

8
Q

Change Management

A

How do we make changes? We have to upgrade software, change firewall configs, modify switch ports, etc. Have clear policies and a change management plan, or expect chaos.
