Risk Assessments Flashcards
A process used inside of risk management to identify how much risk
exists in a given network or system
Risk Assessments
The probability that a threat will be realized
Risk
Weaknesses in the design or implementation of a system
Vulnerability
Any condition that could cause harm, loss, damage, or compromise to
our information technology systems
Threat
A strategy that requires stopping the activity that has risk or
choosing a less risky alternative
Risk Avoidance
A strategy that passes the risk to a third party
Risk Transfer
A strategy that seeks to minimize the risk to an acceptable level
Risk Mitigation
A strategy that seeks to accept the current level of risk and the
costs associated with it if the risk were realized
Risk Acceptance
The risk remaining after trying to avoid, transfer, or mitigate the
risk
Residual Risk
Uses intuition, experience, and other methods to assign a
relative value to risk
Qualitative analysis/risk
Uses numerical and monetary values to calculate risk
Quantitative analysis/risk
An estimation of the amount of damage that a negative risk might
achieve
Magnitude of Impact
Cost associated with the realization of each individualized threat
that occurs
Single Loss Expectancy (SLE)
Number of times per year that a threat is realized
Annualized Rate of Occurrence (ARO)
Expected cost of a realized threat over a given year
Annualized Loss Expectancy (ALE)