10: 1 Risk Analysis Flashcards
(30 cards)
Risk Assessment
Identifying and triaging the risks facing an organization
Threat
External force that jeopardizes security
Threat vector
Method an actor uses to get to their target
Vulnerability
Weakness in security controls
Risk
Combination of vulnerability and a corresponding threat
Factors that prioritize a risk
Likelihood and Impact
Qualitativee Risk Assessment
Use subjective ratings to evaluate risk (Low, medium, high)
Quantitative Risk Assessment
Uses objective numeric ratings to evaluate risk
Quantitative Risk Assessment is performed on?
Single risk and asset pair
AV
Asset value - the dollar value of an asset
AV Techniques (3)
Original Cost Technique
Depreciated Cost Technique
Replacement Cost Technique
EF
Exposure Factor- Expected percentage of damage to an asset (%)
SLE
Single-Loss Expectancy - Expected dollar loss if a risk occurs one time
Formula for SLE
SLE = AV * EF
ARO
Annualized Rate of Occurrence- Number of times a risk is expected to occur each year
ALE
Annualized Loss Expectancy - Expected dollar loss from a risk in any given year
Formula for ALE
ALE = SLE * ARO
MTTF
Mean Time to Failure - Average time a nonrepairable assets will last
MTBF
Mean Time Between Failures - Average time between failures of a repairable asset
MTTR
Meant Time to Repair - Average time required to return a repairable component to service
Internal Risk
Arise from within the organization
Address Internal Risks?
Using internal controls
External Risk
Arise from outside the organization
Address External Risks?
Using internal controls
