risk management processes and concepts

Question 1

A _____ is a repository for documenting risks identified in an organization and includes information and steps to take regarding the risk. Common information found in a _____ is the specific risk, the likelihood of occurrence, and the action to take.

Answer 1

risk register

Question 2

A _____ assessment evaluates all elements required to produce and distribute a product.

Answer 2

supply chain

Question 3

_____ is the likelihood and impact after specific mitigation, transference, or acceptance measures have been applied.

Answer 3

Residual risk

Question 4

_____ is a measure of how much less effective a security control has become over time.

Answer 4

Control risk

Question 5

_____ is the level of risk before any type of mitigation has been attempted.

Answer 5

Inherent risk

Question 6

_____ is a strategic assessment of what level of residual risk is tolerable and is broad in scope.

Answer 6

Risk appetite

Question 7

The _____ identifies a point in time that data loss is acceptable.

Answer 7

recovery point objective (RPO)

Question 8

The _____ identifies the maximum time it takes to recover a system in the event of an outage.

Answer 8

recovery time objective (RTO)

Question 9

The _____ provides a measure of a system’s average reliability and is measured in hours.

Answer 9

mean time between failure (MTBF)

Question 10

The _____ is the average time it takes to restore a system after an outage.

Answer 10

mean time to recover (MTTR)