Quiz for Chapter 4


6. What is Risk Identification?

Identify all potential threats.

4. What components of an information system are categorized in the Risk Identification step?

People, Procedure, Data, S/W, H/W, and N/W

12. What are the two phases of Risk Assessment?

Phase One: Know Yourself; Phase Two: Know Your Enemy

3. What are the two components of Risk Management?

Risk Assessment and Risk Analysis and Control

1. What are the three main steps of Risk Assessment, and in which order do they need to be performed?

1. Risk Identification 2. Risk Evaluation 3. Risk Prioritization

1. What is Risk?

Risk can be formally defined as a potential or probability that a particular threat can exploit a particular weakness that may result in undesirable outcomes.

10. What is Risk Control?

The final process in which proposed security technology and policies are developed, implemented, and maintained to control the known risks.

6. What is the significance of performing Asset Assessment (i.e., what information it provides to a Risk Analyst)?

The first step in the risk assessment process is to assign a value/weight to each identified asset so that we can classify them with respect to the value each asset adds to the organization.

1. In order to determine an appropriate probability of a threat occurring, what information should a Risk Analyst (i.e., SMG) use?

The security management group (Risk Analyst) will determine the appropriate values for likelihood using the following 3 things: a) Results of previous 2 stages (i.e., Asset and Threat Assessment); b) Organization's current risk environment; and c) Existing security controls.

9. What is Risk Analysis?

This will further examine each threat and determine what security policies, procedures, and technology should be implemented to counter these threats.

10. ___T or F ________ Increasing the exposure factor always increases the single loss expectancy (assuming a constant asset value).

True

11. ___T or F _________ Information assets with high risk magnitude (RM) need additional or immediate security control to reduce the risk.

True

9. __T or F_________ Increasing the likelihood of a threat occurring always increases the risk magnitude (assuming a constant asset value).

True

2. The process of examining/evaluating how each threat will affect an organization is called a(n) _________________

(Answer: Threat Assessment)

14. What are the four steps to Phase Two?

1. Identify all potential threats. 2. Evaluate each threat with respect to its impact on the organization. 3. Relate threats to critical assets. 4. Based on your understanding, assign a priority to each threat.

5. What are the three main steps of Risk Assessment?

1. Identify all risks that the organization is facing. 2. Evaluate each risk. 3. Assign a priority to each identified risk.

11. What three questions need to be answered when we perform Risk Management?

1. What assets do we need to protect? 2. How are these assets threatened? 3. What can we do to counter these threats?

2. What is Risk Management?

Defined as a process in which all risks/threats are identified (Risk Identification) so that appropriate security measures can be taken (Risk Control) after performing Risk Analysis.

7. Write down a couple of questions that could be used as criteria by a Risk Analyst to determine the appropriate value/weight of each of the organization's information assets.

• Q1: Which information asset is the most critical to the success of the organization? • Q2: Which information asset generates the most revenue? • Q3: Which information asset generates the most profit? • Q4: Which information assets would be the most expensive to replace?

15. What are the five steps of Risk Identification?

1. Categorize all Information Security Components. 2. Identify all assets. 3. Categorize assets. 4. Identify vulnerable assets. 5. Identify all potential threats.

7. What is Risk Evaluation?

Evaluate each threat to determine how harmful it could be

12. ___T or F ________ An increase in the probability of threat (TP) increases the asset value (AV). Assume a constant risk magnitude (RM).

False

8. __T or F_________ During Risk Identification, all critical assets are evaluated and categorized with respect to the value they add to the organization.

False

13. What are the three steps to Phase One?

Identify, Evaluate, and Understand the assets that the organization has.

3. What is the difference between risk analysis and risk control?

• Risk Analysis will further examine each individual threat in order to determine what appropriate security measures must be taken to reduce or eliminate the risk. • Risk Control is the process in which security policies are developed, implemented, and monitored to ensure that the risks are reduced or eliminated.

3. Likelihood is the probability which is assigned between __________ to show low probability and ______________ to show high probability.

0.1 to 1

8. What is Risk Prioritization?

Assign a value to each risk.

1. _________________ is referred to as the probability that a particular vulnerability of an asset can be exploited by a threat to damage the organization.

Answer: Likelihood

4. _________________ Assessment determines the likelihood that a particular vulnerability can be exploited by the threat to damage the organization's asset.

Answer: Risk

5. ____________________________ group determines the appropriate values for likelihood.

Answer: The security management group (Risk Analyst)

7. Risk magnitude can be calculated by multiplying _______________ and ______________.

Asset value (also known as asset rating) with the likelihood or probability of threat occurring

6. Single loss expectancy is the product of __________________ and ________________.

Asset value and Exposure Factor (EF%)

4. What is Risk Assessment?

Risk Assessment and Risk Analysis and Control

