Section 21: Risk Assessments Flashcards

1
Q

Risk Assessments

A

A process used inside of risk management to identify risks

2
Q

Risk

A

The probability that a threat will be realized

3
Q

Vulnerabilities

A

Weaknesses in the design or implementation of a system

4
Q

How to deal with Risk

A

Avoid, Transfer, Mitigate, Accept

5
Q

Risk Transfer

A

Passes the risk to a third party

6
Q

Residual Risk

A

The risk remaining after trying to avoid, transfer or mitigate the risk

7
Q

What to do with risks

A

Identify assets

Identify vulnerabilities

Identify threats

Identify the risks

8
Q

Qualitative Risk

A

Uses intuition, experience, and other methods to assign a relative value to risk (lack of numbers)

9
Q

Quantitative Risk

A

Uses numerical and monetary values to calculate risk (removes a lot of estimation)

10
Q

Security Assessments

A

Verify that the organization’s security posture is designed and configured properly to help thwart different types of attacks

11
Q

Three types of security controls

A

Physical, technical, or administrative

12
Q

Examples of administrative controls

A

Focused on changing the behavior of people; policies, etc.

13
Q

External risk

A

Not controlled by humans (wildfire)

14
Q

Internal Risk

A

Risks that are formed within the organization, arise during normal operations, and are often forecastable (server crash)

15
Q

Legacy Systems

A

An old method, technology, computer system, or application program, including an outdated computer system that is still in use (most ICS and SCADA networks)

16
Q

Multiparty

A

A risk that refers to the connection of multiple systems or organizations with each bringing their own inherent risks (merging companies and accepting the risks that come with merging)

17
Q

IP Theft

A

Risk associated with business assets and property being stolen from an organization in which economic damage, the loss of a competitive edge, or a slowdown in business growth occurs

18
Q

Software Compliance/Licensing

A

Risk associated with a company not being aware of what software or components are installed within its network