Risk Management Flashcards

2
Q

What are Ad-Hoc Risk Assessments?

A

Conducted as needed, often in response to specific events or situations

They address potential new risks or changes in existing risks.

3
Q

What characterizes Recurring Risk Assessments?

A

Conducted at regular intervals (e.g., annually, quarterly, monthly)

They are part of standard operating procedures for continual risk identification and management.

4
Q

What is the purpose of One-Time Risk Assessments?

A

Conducted for specific projects or initiatives, not repeated, associated with a particular purpose

They focus on a unique situation or event.

5
Q

What defines Continuous Risk Assessments?

A

Ongoing monitoring and evaluation of risks

Enabled by technology, involving real-time data collection and analysis.

6
Q

What is the role of technology in Continuous Risk Assessments?

A

Facilitates real-time data collection and analysis

It is used for proactive threat and vulnerability monitoring, facilitating quick responses.

7
Q

Business Impact Analysis (BIA)

A

■ Evaluates effects of disruptions on business functions
■ Identifies and prioritizes critical functions
■ Assesses impact of risks on functions
■ Determines required recovery time for functions

8
Q

Key Metrics in BIA
Recovery Time Objective (RTO)

A

○ Maximum acceptable time before severe impact
○ Target time for restoring a business process

9
Q

Key Metrics in BIA
Recovery Point Objective (RPO)

A

○ Maximum acceptable data loss measured in time
○ Point in time data must be restored to

10
Q

Key Metrics in BIA
Mean Time to Repair (MTTR)

A

○ Average time to repair a failed component or system
○ Indicator of repair speed and downtime minimization

11
Q

Key Metrics in BIA
Mean Time Between Failures (MTBF)

A

○ Average time between system or component failures
○ Measure of reliability

12
Q

Risk Register

A

■ Records identified risks, descriptions, impacts, likelihoods, and mitigation actions
■ May resemble a heat map risk matrix
■ Facilitates communication and risk tracking
■ Key component of project and business operations

13
Q

Risk Description

Components of Risk Register

A

● Identifies and describes the risk
● Clear and concise description

14
Q

Risk Impact

Components of Risk Register

A

● Potential consequences of risk occurrence
● Rated on a scale (e.g., low, medium, high)

15
Q

Risk Likelihood

Components of Risk Register

A

● Probability of risk occurrence
● Rated on a scale (e.g., numerical or descriptive)

16
Q

Risk Outcome

Components of Risk Register

A

● Result of the risk if it occurs
● Related to impact and likelihood

17
Q

Risk Level or Threshold

Components of Risk Register

A

● Determined by combining the impact and likelihood

18
Q

Cost

Components of Risk Register

A

● Financial impact on the project
● Includes potential expenses if the risk occurs, or the cost of mitigating it

19
Q

Risk Tolerance/Risk Acceptance

A

● An organization or individual’s willingness to deal with uncertainty in pursuit of their goals
● Maximum amount of risk they are willing to accept
● Acceptance without countermeasures

20
Q

Risk Appetite

A

● Willingness to pursue or retain risk
○ Expansionary
○ Conservative
○ Neutral

21
Q

Key Risk Indicators (KRIs)

A

■ Predictive metrics signaling increasing risk exposure
■ Provide early warning of potential risks
■ Tied to the organization’s objectives
■ Used to monitor risk changes and take proactive steps

22
Q

Risk Owner

A

■ Responsible for managing the risk
■ Monitors, implements mitigation actions, and updates Risk Register
■ Accountable for risk management

23
Q

Qualitative Risk Analysis

A

■ Primary method in risk management
■ Assesses risks based on potential impact and likelihood
■ Categorizes risks as high, medium, or low
■ Subjective and relies on expertise and experience
■ Avoids quantitative complexity

24
Q

Likelihood/Probability

Qualitative Risk Component

A

● Chance of risk occurrence
● Qualitatively expressed as low, medium, or high
● Based on past experience, statistical analysis, or expert judgment

25
Q

Impact

Qualitative Risk Component

A

○ Low Impact
■ Minor damage, essential functions operational
○ Medium Impact
■ Significant damage, loss to assets
○ High Impact
■ Major damage, essential functions impaired

26
Q

Exposure Factor (EF)

Quantitative Risk Analysis Component

A

● Proportion of asset lost in an event (0% to 100%)
● Indicates asset loss severity

27
Q

Single Loss Expectancy (SLE)

Quantitative Risk Analysis Component

A

● Monetary value expected to be lost in a single event
● Calculated as Asset Value x Exposure Factor (EF)

28
Q

Annualized Rate of Occurrence (ARO)

Quantitative Risk Analysis Component

A

● Estimated frequency of threat occurrence within a year
● Provides a yearly probability

29
Q

Annualized Loss Expectancy (ALE)

Quantitative Risk Analysis Component

A

● Expected annual loss from a risk
● Calculated as SLE x ARO

30
Q

Risk Transference

A

● Shifts risk to another party
● Doesn’t remove the risk

31
Q

Risk Acceptance

A

● Acknowledge and deal with risk if it occurs
● Used when the cost of managing the risk outweighs the potential loss, or the risk is unlikely to have a significant impact
● No actions to mitigate the risk are taken

32
Q

Risk Avoidance

A

● Change plans or strategies to eliminate a specific risk
● Chosen when the risk is too great to accept or transfer

33
Q

Risk Mitigation

A

● Take steps to reduce likelihood or impact of risk
● Common strategy involving various actions

34
Q

Residual Risk

A

○ The likelihood and impact of the risk after mitigation, transference, or acceptance measures have been taken on the initial risk

35
Q

Control Risk

A

Assessment of how a security measure has lost effectiveness over time