Chapter 6 Study Q's Part 2


Is the expected frequency with which a specific threat or risk will occur within a single year

Annualized Rate of Occurrence (ARO) OR Probability Determination

An anonymous feedback-and-response process used to enable a group to reach an anonymous consensus. The primary purpose is to elicit honest and uninfluenced responses from all participants

Delphi Technique

What should be done when a safeguard has been implemented?

Recalculate the ALE for the asset and the ARO, even if the EF remains unchanged.

Four possible responses to risk:

Reduce or mitigate, Assign or transfer, Accept, Reject or Ignore

Risk that remains once countermeasures are implemented. Comprises threats to specific assets against which upper management chooses not to implement a safeguard

Residual Risk

Valuation by management of the cost/benefit analysis of possible safeguards and the determination that the cost of the countermeasure greatly outweighs the possible cost of loss due to risk

Risk Acceptance

Placement of the cost of loss a risk represents onto another entity or organization

Risk Assignment

The implementation of safeguards and countermeasures to eliminate vulnerabilities or block threats

Risk Mitigation

SLE formula

SLE = Asset Value (AV) * Exposure Factor (EF)

Written description of a single major threat

Scenario

Cost associated with a single realized risk against a specific asset. Indicates the exact amount of loss an organization would experience if an asset were harmed by a specific threat occurring. EF is needed to calculate this.

Single Loss Expectancy

Annualized loss expectancy (ALE) Formula

ALE = SLE * ARO or ALE = AV * EF * ARO

The possible yearly cost of all instances of a specific realized threat against a specific asset

Annualized Loss Expectancy (ALE)

The goal of ____ is to assign an asset a specific dollar value that encompasses tangible costs as well as intangible

Asset Valuation

Results of Risk Analysis

Complete and detailed valuation of all assets; Cost/benefit analysis of each safeguard; List of threat-specific safeguards and countermeasures that identifies their effectiveness and ALE

Represents the percentage of loss that an organization would experience if a specific asset were violated by a realized risk

Exposure Risk or Loss Potential

Assigns subjective and intangible values to the loss of an asset

Qualitative Risk

Assigns real dollar figures to the loss of an asset. Results in concrete probability percentages.

Quantitative Risk

Two kinds of risk assessment methodologies:

Quantitative, Qualitative

Denying that a risk exists or hoping that it will never be realized

Risk Rejection

The ability of an organization to absorb the losses associated with realized Risk

Risk Tolerance

Annual cost of the safeguard (ACS) Formula

# / year

Annualized Rate of Occurrence (ARO) formula

# / year

Exposure factor (EF) formula

%

Value of benefit of a safeguard

(ALE1 - ALE2) - ACS

Cost/benefit analysis for safeguard

(ALE1-ALE2) - ACS

ALE formula

ALE = Single Loss Expectancy (SLE) * Annualized Rate of Occurrence (ARO)

Formula to decide if the safeguard is financially equitable

ALE before safeguard - ALE after implementing safeguard - annual cost of safeguard (ACS) = value of the safeguard to the company
ALE before - ALE after - ACS = Value

