Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

MY OWN CPP > Task 3 -- Risk Control and Treatments > Flashcards

Task 3 -- Risk Control and Treatments Flashcards

1
Q

What are several ways that security and protection professionals can manage risk as requested by asset owners.

A

ELIMINATE, REDUCE, TRANSFER, ACCEPT (ERTA)

ELIMINATE
Some risk can be eliminated entirely. For example, a store may choose not to stock a commonly stolen product, thus eliminating the risk that the item will be stolen. Likewise, the risk of being eaten by a shark can be eliminated by never swimming in an open body of water. Eliminating a risk is not always practical or possible. For example, the only way a business can eliminate the risk of an active shooter is by never opening in the first place, which would render the business obsolete.

REDUCE

Reducing risk is a common action associated with security. Risk can be reduced through a variety of strategies designed to mitigate the effects of an attack and/or the resulting loss. For example, keeping cash in multiple registers, moving excess cash to a time lock safe, adding security technology, and increasing staff are all ways of reducing risk. In fact, most of the functions associated with security are aimed at reducing risk.

TRANSFER

The transfer of risk is typically achieved through insurance and implies that another entity is taking on the risk on the organization’s behalf.

ACCEPT

Risk is a normal part of everyday life, and some risk is simply accepted as a part of day-to-day operations. Every time you get in a car, you accept the risk you could be in a car crash. Business owners accept the risk that someone will steal some of their products or an employee will be injured on the job. Accepting risk can be a proper strategy if the costs of reducing, eliminating, or transferring the risk outweigh the potential losses associated with it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

For organizations to cost-effectively manage risk they should develop balanced strategies to adaptively, proactively and reactively address minimization of both the likelihood and consequences of undesirable and/or disruptive events.

Furthermore, the selection of risk treatment controls should be integrated with the overall risk management programs with its priority stakeholders.

What three elements should an overall risk management program have?

A

Such a program should have at least three elements:
1. Protecting the organization and its value chain.

  1. Responding to events.
  2. Continuing operations while recovering from events.

Plans should also involve determining ways to measure risks as well as testing the effectiveness of the plan itself and its ability to limit risks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Insurance coverage on an asset is considered the most common form of what type of risk management?

A

RISK TRANSFER

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

ABC Inc. decided to reduce the risk of theft by spreading valuable assets to various locations, while applying target hardening strategies and countermeasures. However, a risk of theft remains. This is referred to as which of the following?

A

Residual risk

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

MY OWN CPP (9 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions