Risk Management Flashcards

1
Q

What is a Key Risk Indicator (KRI)?

A

Is a metric showing the risk appetite probability for an organization.

2
Q

Describe the Risk Management Phases:
1) Risk Identification
2) Risk Assessment
3) Risk Analysis
4) Prioritization
5) Risk Treatment
6) Risk Tracking and Review

A

1) Identifies the source, causes, and consequences of internal and external risks.
2) Provides an estimate on the likelihood and impact of a risk.
3) Analyzing the risk to understand the inherent and controlled risks.
4) Triaging the risks based on the goals of the organization.
5) Selecting and implementing appropriate controls on the risk.
6) Identifies the chance of a new risk occurring. Evaluates the performance of the implemented risk management strategies.

3
Q

Describe these Roles and Responsibilities in Risk Management:
1) Senior Management
2) Chief Information Officer (CIO)
3) System and Information Owners
4) Business and Functional Managers
5) IT Security Managers and Computer Security Officers
6) IT Security Practitioners
7) Security Awareness Trainers

A

1) Design the steps for handling future risks.
2) Responsible for IT planning, budgeting, and performance on a risk management program.
3) Implements security controls to maintain CIA of a system.
4) Makes trade-off decisions in the risk management process.
5) Responsible for an organization's information security programs.
6) Responsible for implementing security controls.
7) Develops and provides training in the risk management process.

4
Q

Describe these Risk Categories:
1) Inherent Risk
2) Residual Risk

A

1) Defines the risk that exists before controls are implemented.
2) Is what remains after controls are implemented.

5
Q

Describe these components of the NIST Risk Management Framework:
1) Categorize
2) Select
3) Implement
4) Assess
5) Authorize
6) Monitor

A

1) Defining the worst-case and adverse impact of risk to business.
2) Select baseline security controls.
3) Implement security controls.
4) Determine the security controls' effectiveness.
5) Determine risk to organizational operations and assets; if acceptable, authorize the operation.
6) Track changes to the information system that may affect security controls and reassess control effectiveness.

6
Q

Describe these Risk Management Frameworks:
1) COSO ERM Framework
2) COBIT
3) ISO 27005
4) ISO 31000
5) Threat Agent Risk Assessment (TARA)

A

1) Defines essential components, suggests common language and provides clear direction and guidance for ERM.
2) Is an IT governance framework that emphasizes compliance and helps increase value from IT.
3) Provides broadly acceptable guidance for information security risk management.
4) Provides generic guidelines for ERM.
5) Produces a digest of only those exposures most likely to occur to develop optimal security strategies.
