RISK (U1M2) Flashcards
analytical process to provide information regarding undesirable events in which it estimates probabilities and expected consequences
Risk analysis
occurrence or change of a particular set of circumstances
event
an expected situation which does not happen or an unexpected situation which does happen
event
outcome of an event affecting objectives.
Consequence
to comprehend the nature of risk and its characteristics, where appropriate, the level of risk. It involves a detailed consideration of uncertainties
Risk analysis
may be influenced by any divergence of opinions, biases, perceptions of risk, and judgements
Risk analysis
provides an input to risk evaluation, to decisions on whether risk needs to be treated
Risk analysis
performed to consider the potential impact of loss from a successful attack
Vulnerability assessment
Types of Vulnerability assessment
-Devastating
-Severe
-Noticeable
-Minor
a combination of the attractiveness of a facility or an event as a target
vulnerability
damaged/contaminated beyond habitable use. Most items/assets are lost, destroyed, or damaged beyond repair/restoration. (75%)
Devastating
partially damaged/contaminated. Examples include partial structure breach resulting in weather/water, smoke, impact, or fire damage to some areas. Some items/assets in the facility are damaged beyond repair, but the facility remains mostly intact.
Severe
closed for a period of up to two weeks and a portion of the facility may be closed for an extended period of time (more than one month).
Severe
A limited number of assets may be damaged, but the majority of the facility is not affected. (25%)
Noticeable
no loss of major assets
Minor
Some assets may need to be moved to remote locations to protect them from environmental damage. (50%)
Severe
temporarily closed or unable to operate, but can continue without an interruption of more than one day.
Noticeable
no significant impact on operations (downtime is less than four hours) and
Minor
Types of Vulnerability ratings
-Very High
-High
-Moderate
-Low
the level of deterrence and/or defense provided by the existing countermeasures is inadequate.
Very High
a high profile facility that provides a very attractive target for potential adversaries
Very High
a high profile regional facility or a moderate profile national facility,the existing countermeasures is inadequate.
High
moderate profile facility (not well known outside the local area or region)
Moderate
the existing countermeasures is marginally adequate
Moderate
not a high profile facility
Low
the existing countermeasures is adequate
Low
The risk is totally unacceptable, Immediate measures must be taken to reduce these risks and mitigate hazards.
Very High
The risk is unacceptable. Measures to reduce risks and mitigation hazards should be implemented as soon as possible.
High
The risk may be acceptable over the short term. Plans to reduce risks and mitigate hazards should be implemented in future plans and budgets
Medium
The risks are acceptable. Measures to further reduce risk or mitigate hazards should be implemented in conjunction with other security and mitigation upgrades
Low
True or False: Risk analysis involves detailed consideration of likelihood of an identified risk.
True
True or False: An event can have multiple causes and consequences which can affect multiple objectives.
True
True or False: Highly certain events can be difficult to quantity.
True
