Risk Assessment Terminology Flashcards
Learn these terms and definitions
Agreed-upon principles set forth by a company to govern how the employees of that company may use resources such as computers and internet access.
Acceptable Use Policy / Rules of Behavior
A calculation used to identify risks and calculate the expected loss each year.
Annual Loss Expectancy (ALE)
A calculation of how often a threat will occur. For example, a threat that occurs once every five years has an annualized rate of occurrence of 1/5, or 0.2.
Annualized Rate of Occurrence (ARO)
The assessed value of an item (server, property, and so on) associated with cash flow.
Asset Value (AV)
A study of the possible impact if a disruption to a business’s vital resources were to occur.
Business Impact Analysis (BIA)
An agreement between partners in a business that outlines their responsibilities, obligations, and sharing of profits and losses.
Business Partners Agreement (BPA)
The potential percentage of loss to an asset if a threat is realized.
Exposure Factor (EF)
As defined by NIST (in Publication 800-47), it is “an agreement established between the organizations that own and operate connected IT systems to document the technical requirements of the interconnection. The ISA also supports a Memorandum of Understanding or Agreement (MOU/A) between the organizations.”
Interconnection Security Agreement (ISA)
The maximum period of time that a business process can be down before the survival of the organization is at risk.
Maximum Tolerable Downtime (MTD)
The measurement of the anticipated lifetime of a system or component.
Mean Time Between Failures (MTBF)
The measurement of the average of how long it takes a system or component to fail.
Mean Time To Failure (MTTF)
The measurement of how long it takes to repair a system or component once a failure occurs.
Mean Time To Restore (MTTR)
Most commonly known as an MOU rather than an MOA, this is a document between two or more parties defining their respective responsibilities in accomplishing a particular goal or mission, such as securing a system.
Memorandum of Understanding (MOU)/Memorandum of Agreement (MOA)
The point of last known good data prior to an outage that is used to recover systems.
Recovery Point Objective (RPO)
The maximum amount of time that a process or service is allowed to be down with the consequences still considered acceptable.
Recovery Time Objective (RTO)