CH 05 Risk Management
The recognition, enumeration, and documentation of risks to an organization's information assets. Risk Management Risk Identification Risk Assessment Risk Control
Risk Identification
The process of identifying risk, assessing its magnitude, and taking steps to reduce risk to an acceptable level. Risk Management Risk Identification Risk Assessment Risk Control
Risk Management
The amount of risk organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility. Risk Appetite Risk Tolerance Residual Risk
Risk appetite or Risk Tolerance
Loss event frequency is the probability of attack multiplied by the probability of that attack being successful. (p. 285-286) True or False
True
Loss magnitude is the value of an asset multiplied by the percentage of that asset that may be lost in an attack. (p. 286) True or False
True
The goal of information security is to bring residual risk in line with an organization's risk appetite. (p. 260) True or False
True
__________ are specific avenues that threat agents can exploit to attack an information asset. (p. 279) Valuation Vulnerabilities Sabotage Espionage
Vulnerabilities
Risk identification includes: Identify assets Prioritize assets Identify threats Prioritize threats All of the above
All of the above
Risk management involves: Risk Identification Risk Assessment Risk Control All of the above
All of the above
The goal of information security is to bring residual risk to zero. (p. 260) True or False
False
Risk is calculated by multiplying which two values? (p. 286-287) Loss Frequency Loss Magnitude Asset Value Attack probability
Loss Frequency Loss Magnitude
The risk to information assets that remains even after current controls have been applied. Risk Appetite Risk Tolerance Residual Risk
Residual Risk
Determining the extent to which an organization's information assets are exposed to risk. Risk Management Risk Identification Risk Assessment Risk Control
Risk Assessment
The process of evaluating the relative risk for each vulnerability is called __________ (p. 282). Risk Prioritizing Risk Assessment Risk Control Risk Valuation
Risk Assessment
The application of controls to reduce risk to an organization's information assets. Risk Management Risk Identification Risk Assessment Risk Control
Risk Control