Risk Assessments Flashcards

1
Q

A process used within risk management to identify how much risk
exists in a given network or system

A

Risk Assessments

2
Q

The probability that a threat will be realized

A

Risk

3
Q

Weaknesses in the design or implementation of a system

A

Vulnerability

4
Q

Any condition that could cause harm, loss, damage, or compromise to
our information technology systems

A

Threat

5
Q

A strategy that requires stopping the activity that has risk or
choosing a less risky alternative

A

Risk Avoidance

6
Q

A strategy that passes the risk to a third party

A

Risk Transfer

7
Q

A strategy that seeks to minimize the risk to an acceptable level

A

Risk Mitigation

8
Q

A strategy that seeks to accept the current level of risk and the
costs associated with it if the risk were realized

A

Risk Acceptance

9
Q

The risk remaining after trying to avoid, transfer, or mitigate the
risk

A

Residual Risk

10
Q

Uses intuition, experience, and other methods to assign a
relative value to risk

A

Qualitative Analysis/Risk

11
Q

Uses numerical and monetary values to calculate risk

A

Quantitative Analysis/Risk

12
Q

An estimate of the amount of damage that a negative risk could
cause

A

Magnitude of Impact

13
Q

The cost associated with a single realization of a particular
threat

A

Single Loss Expectancy (SLE)

14
Q

Number of times per year that a threat is realized

A

Annualized Rate of Occurrence (ARO)

15
Q

Expected cost of a realized threat over a given year

A

Annualized Loss Expectancy (ALE)

16
Q

Verify that the organization’s security posture is designed and configured
properly to help thwart different types of attack

A

Security Assessments

17
Q

Utilize more intrusive techniques like scanning, hands-on
testing, and probing of the network to determine
vulnerabilities

A

Active Assessments

18
Q

Utilize open source information, the passive collection and
analysis of the network data, and other unobtrusive
methods without making direct contact with the targeted
systems

A

Passive Assessments

19
Q

Methods implemented to mitigate a particular risk

A

Security Controls

20
Q

Any security measures that are designed to deter or prevent
unauthorized access to sensitive information or the systems that
contain it

A

Physical Controls

21
Q

Safeguards and countermeasures used to avoid, detect,
counteract, or minimize security risks to our systems and
information

A

Technical Controls

22
Q

Focused on changing the behavior of people instead of removing
the actual risk involved

A

Administrative Controls

23
Q

Security controls that are focused on decision-making and the
management of risk

A

NIST Management Controls

24
Q

Focused on the things done by people

A

NIST Operational Controls

25
Q

Logical controls that are put into a system to help secure it

A

NIST Technical Controls

26
Q

Security controls that are installed before an event happens and
are designed to prevent something from occurring

A

Preventative Controls

27
Q

Used during the event to find out whether something bad might
be happening

A

Detective Controls

28
Q

Used after an event occurs

A

Corrective Controls

29
Q

Used whenever you can’t meet the requirement for a normal control

A

Compensating Control

30
Q

Risks that are produced by a non-human source and are beyond human
control

A

External Risk

31
Q

Risks that are formed within the organization, arise during normal
operations, and are often forecastable

A

Internal Risk

32
Q

An old method, technology, computer system, or application program,
including an outdated computer system that is still in use

A

Legacy Systems

33
Q

A risk that refers to the connection of multiple systems or organizations
with each bringing their own inherent risks

A

Multiparty

34
Q

Risk associated with business assets and property being stolen from an
organization, resulting in economic damage, the loss of a competitive edge,
or a slowdown in business growth

A

IP Theft

35
Q

Risk associated with a company not being aware of what software or
components are installed within its network

A

Software Compliance/Licensing