Risk Management Flashcards
BIA
Business Impact Analysis
Evaluates effects of disruptions on business functions
RPO
Recovery Point Objective
○ Maximum acceptable data loss measured in time
○ Point in time data must be restored to
MTTR
Mean Time To Repair
MTBF
Mean Time Between Failures
Risk Register
Records identified risks, descriptions, impacts, likelihoods, and mitigation actions
Risk Tolerance/Risk Appetite
Willingness to pursue or retain risk.
Expansionary, Conservative or Neutral
KRIs
Key Risk Indicators
Predictive metrics signaling increasing risk exposure
Risk Owner
Responsible for managing the risk
Qualitative Risk Analysis
Assesses risk based on potential impact and likelihood. Subjective and relies on expertise and experience
Quantitative Risk Analysis
Provides objective and numerical evaluation of risks.
EF
Exposure Factor
Proportion of asset lost in an event (0-100%)
SLE
Single-Loss Expectancy
Monetary value expected to be lost in a single event.
Asset Value x Exposure Factor
ARO
Annualized Rate of Occurrence
Estimated yearly frequency of risk incident
ALE
Annualized Loss Expectancy
Expected annual loss from a risk
SLE x ARO
Risk Transference
Shift risk to another party (insurance, contract indemnity)
Risk Acceptance
Acknowledge and deal with risk if it occurs.
Used when the cost of managing the risk outweighs the potential loss
Risk Avoidance
Change plan or strategy to eliminate a risk
Chosen when the risk is too great to accept or transfer
Risk Mitigation
Take steps to reduce likelihood or impact of risk
Residual Risk
Likelihood after mitigation, transference or acceptance
Control Risk
Assessment of how a security measure has lost effectiveness over time
CHIPS Act of 2022
■ U.S. federal statute providing funding to boost semiconductor research and manufacturing in the U.S.
■ Aims to reduce reliance on foreign-made semiconductors, strengthen the domestic supply chain, and enhance security
MSP
Managed Service Provider
Manage IT services on behalf of organizations
Right-to-Audit clause
Contract provision allowing organizations to evaluate a vendor's internal processes for compliance
Vendor Questionnaire
Comprehensive documents filled out by potential vendors
Provide insights into operations, capabilities, and compliance
Rules of Engagement
Guidelines for interaction between organization and vendors
Vendor Monitoring
Mechanism used to ensure that the chosen vendor still aligns with organizational needs and standards
SLA
Service Level Agreement
Defines the standard of service a client can expect from a provider.
Includes performance benchmarks and penalties for deviations
MOA
Memorandum of Agreement
Formal, outlines specific responsibilities and controls
MOU
Memorandum of Understanding
Less binding than MOA. Expresses mutual intent without specifics.
MSA
Master Service Agreement
Covers general terms of engagement across multiple transactions
SOW
Statement of Work
Specifies project details, deliverables, timelines, and milestones. Provides in-depth project-related information
NDA
Non-Disclosure Agreement
Ensures confidentiality of sensitive information shared during negotiations
BPA or JVA
Business Partnership Agreement or Joint Venture Agreement
● Goes beyond basic contracts when two entities collaborate
● Outlines partnership nature, profit-sharing, decision-making, and exit strategies
● Defines ownership of intellectual property and revenue distribution