CH 5 - Risk analysis

Pataasin ang iyong marka sa homework at exams ngayon gamit ang Quizwiz!

Limitations to Quantitative risk assessment?

Accurate data isn't always available, Ensuring that people use the control as expected

A Risk ________________________ is a major component of a risk management plan

Assessment

Quantitative Risk Assessment

Calculates absolute financial values, losses and costs

Qualitative Risk Assessment

Calculates relative values, losses, and costs

Qualitative analysis is more time consuming than quantitative analysis

False

Risk assessments are a continuous process

False

What are the different types of assets

Hardware, Software, Personnel, Data and Information

Why is risk assessment important?

Identifies which systems/assets to protect and gives insight into which controls provide the most value

Critical components of risk assessments

Identify scope of assessment, Identify critical areas, Identify team

Quantitative Risk Assessment Benefits

It becomes a simple math problem, provides cost benefit analysis and helps show accurate values for SLE, ARO, and safeguard values that help calculate CBA

Risk Matrix

Matching Probability and impact

Quantitative Assessment Methods

Objective, Monetary Values, Historical Data, SLE, ARO, ALE

What are some examples of software assets?

Office, inventory management, ERP systems

What are some examples of Data/Information assets?

Operations, Legal/Compliance, Research & Development, Sales Collaterals

What elements are included in a qualitative analysis?

Probability and impact

A ____________________ risk assessment is subjective. It relies on the opinions of experts

Qualitative

You are trying to decide what type of risk assessment methodology to use. A primary benefit of ____________ risk assessment is that it can be completed more quickly than other methods

Qualitative

In what order do we need to conduct risk assessment

Qualitative than Quantitative

A ____________________ risk assessment is objective. It uses data that can be verified

Quantitative

A _________________________________ risk assessment uses SLE

Quantitative

You are trying to decide what type of risk assessment methodology to use. A primary benefit of ___________________ risk assessment is that it includes details for a cost benefit analysis

Quantitative

What are the different types of risk assessment?

Quantitative and Qualitative

You are working on a qualitative risk assessment for your company. You are thinking about the final report. What should you consider when providing the results and recommendations

Resource allocation and risk acceptance

What elements are included in a quantitative analysis?

SLE, ALE, ARO

What can you use to help quantify risks?

SLE, ARO, Risk Assessment, Risk Mitigation Plan

What must you define when performing a qualitative risk assessment?

Scales used to define probability and impact

What are some examples of Hardware assets?

Server, router, Switch, Firewall, Hub, Cable, Desktop, Laptop, Workstation, Handheld, CD ROM, DVD, Zip Disk, Scanner, Printers

Of the following, what would be considered a best practice when performing risk assessments?

Start with clear goals and a defined scope, Enlist support of senior management, Repeat the risk assessment regularly, Provide clear recommendations

Limitations to Qualitative risk assessment?

Subjective, NO CBA, No real standards

Qualitative Assessment Methods

Subjective, Word Values, Expert Opinions, Probability and impact

One of the challenges facing risk assessment is getting accurate data. What can be included in the risk assessment report to give an indication of the reliability of the data?

Uncertainty level

Qualitative Risk Assessment Benefits

Uses the opinions of experts, Is easy to complete, Uses words that are easy to express and understand

Challenges for risk assessment

Using Static process to evaluate a moving target, availability, Data Consistency, Estimating impact effects, Providing results that support resource allocation and risk acceptance

When should risk assessments be conducted?

When evaluating risk, When evaluating a control, Periodically after a control has been implemented


Kaugnay na mga set ng pag-aaral

Explain what is meant by intuition, and describe how the availability heuristic, overconfidence, belief perseverance, and framing influence our decisions and judgments.

View Set

business management chapter 13-4

View Set

Entrepreneurial Small Business 5th Edition; Chapter 5

View Set