Risk Assessment Process Flashcards
The objective of .. is to enable organization executives to determine an appropriate budget for security and, within that budget, to implement security controls that optimize the level of protection.
risk assessment
This objective is met by providing an estimate of the potential cost to the organization of security breaches, coupled with an estimation of the likelihood of such breaches.
risk assessment
An item of value to the achievement of organizational mission/business objective.
An .. may be specifically related to information processing, including any data, device, or other component of the environment that supports information-related activities and that can be used, disclosed, altered, destroyed, and/or stolen, resulting in a loss.
Asset
Any circumstance or event with the potential to adversely impact organizational operations (including mission, functions, image, or reputation), organizational assets, or individuals through an information system via unauthorized access, destruction, disclosure, modification of information, and/or denial of service.
Threat
The magnitude of the potential of a threat event to impose a cost on an organization.
Threat severity
Also referred to as threat capability, the probable level of force that a threat agent can apply against an asset.
As an example, consider an adversary attempting to obtain root privileges on a server. With root privileges, the adversary may be able to read, alter, or delete files and may be able to encrypt files for ransomware.
Threat strength
Other word for threat strength
Threat capability
The probable frequency, within a given time frame, that a threat agent will act against an asset.
Threat event frequency
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.
Vulnerability
A safeguard or countermeasure prescribed for an information system or an organization designed to protect the confidentiality, integrity, and availability of its information and meet a set of defined security requirements.
Security control
The magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.
Impact
A measure of the extent to which an entity is threatened by a potential circumstance or event.
Risk
The magnitude of risks or a combination of risks, expressed in terms of the combination of consequences and their likelihood.
Level of risks
Also called loss event frequency, the probable frequency, within a given time frame, that a threat agent will inflict harm upon an asset.
Likelihood