RISK MANAGEMENT Flashcards
Risk
Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event.
It is often expressed as a combination of:
1. the adverse impacts that would arise if the circumstance or event occurs, and
2. the likelihood of occurrence.
Information Security Risk
Information security risk reflects the potential adverse impacts that result from the possibility of unauthorized access, use, disclosure, disruption, modification or destruction of information and/or information systems.
Threat
A threat is something or someone that aims to exploit a vulnerability to gain unauthorized access.
Asset
An asset is something in need of protection.
Likelihood of occurrence
Likelihood of occurrence is a weighted factor based on a subjective analysis of the probability that a given threat or set of threats is capable of exploiting a given vulnerability or set of vulnerabilities.
Impact
Impact is the magnitude of harm that can be expected to result from the consequences of unauthorized disclosure of information, unauthorized modification of information, unauthorized destruction of information, or loss of information or information system availability.
Risk Assessment
Risk assessment is defined as the process of identifying, estimating and prioritizing risks to an organization’s operations.
Risk Treatment
Risk treatment relates to making decisions about the best actions to take regarding the identified and prioritized risk.
Risk Avoidance
Risk avoidance is the decision to attempt to eliminate the risk entirely. This could include ceasing operation for some or all of the activities of the organization that are exposed to a particular risk.
Organizational leadership may choose risk avoidance when the potential impact of a given risk is too high or if the likelihood of the risk being realized is simply too great.
Risk Management
Risk acceptance is taking no action to reduce the likelihood of a risk occurring.
Management may opt for conducting the business function that is associated with the risk without any further action on the part of the organization, either because the impact or likelihood of occurrence is negligible, or because the benefit is more than enough to offset that risk.
Risk Transference
Risk transference is the practice of passing the risk to another party, who will accept the financial impact of the harm resulting from a risk being realized in exchange for payment. Typically, this is an insurance policy.
Risk Mitigation
Risk mitigation is the most common type of risk management and includes taking actions to prevent or reduce the possibility of a risk event or its impact.
Mitigation
Taking action to reduce or prevent the impact of an event
Acceptance
Ignoring the risk and continuing risky activities
Avoidance
Ceasing the risky activity to remove the likelihood that an event will occur