CH 05 Risk Management

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

The recognition, enumeration, and documentation of risks to an organization's information assets. Risk Management Risk Identification Risk Assessment Risk Control

Risk Identification

The process of identifying risk, assessing its magnitude, and taking steps to reduce risk to an acceptable level. Risk Management Risk Identification Risk Assessment Risk Control

Risk Management

The amount of risk organizations are willing to accept as they evaluate the trade offs between perfect security and unlimited accessibility. Risk Appetite Risk Tolerance Residual Risk

Risk appetite or Risk Tolerance

Loss event frequency is the probability of attack multiplied by the probability of that attack being successful. (p. 285-286) True or False

True

Loss magnitude is the value of an asset multiplied by the percentage of that asset that may be lost in an attack. (p. 286) True or False

True

The goal of information security is to bring residual risk in line with an organization's risk appetite. (p. 260) True or False

True

__________ are specific avenues that threat agents can exploit to attack an information asset. (p. 279) Valuation Vulnerabilities Sabotage Espionage

Vulnerabilities

Risk identification includes: Identify assets Prioritize assets Identify threats Prioritize threats All of the above

All of the above

Risk management involves. Risk Identification Risk Assessment Risk Control All of the above

All of the above

The goal of information security is the bring residual risk to zero. (p. 260) True or False

False

RIsk is calculated by multiplying which two values. (p. 286-287) Loss Frequency Loss Magnitude Asset Value Attack probability

Loss Frequency Loss Magnitude

The risk to information assets that remains even after current controls have been applied. Risk Appetite Risk Tolerance Residual Risk

Residual Risk

Determining the extent to which an organization's information assests are exposed to risk. Risk Management Risk Identification Risk Assessment Risk Control

Risk Assessment

The process of evaluating the relative risk for each vulnerability is called __________ (p. 282). Risk Prioritizing Risk Assessment Risk Control Risk Valuation

Risk Assessment

The application of controls to reduce risk to an organization's information assets. Risk Management Risk Identification Risk Assessment Risk Control

Risk Control


Kaugnay na mga set ng pag-aaral

30. JavaScript Break and Continue

View Set

Davis Advantage left and right heart failure

View Set

3.07 Quiz : Graphing Equations and Inequalities

View Set

Chapter 50: Disorders of Musculoskeletal Function: Rheumatic Disorders Questions

View Set