5.4 Risk Management Flashcards
SSO
Single Sign-On is convenient for users since they only need to remember one set of credentials. Unfortunately, single sign-on also introduces a single point of failure. If the identity provider is offline, then the user cannot log in to any of the resources they may wish to utilize across the web. Additionally, if the single sign-on is compromised, the attacker now has access to every site that the user would have access to using the single set of credentials.
Risk appetite
How much risk an organization is willing to accept. This is a crucial factor both in designing the assessment and determining the recommended mitigations.
Risk mitigation
Strategy to prepare for and lessen the effects of threats faced by a data center. Risk mitigation refers to applying security controls to reduce the risk of a known vulnerability.
Risk avoidance
Elimination of hazards, activities, and exposures that can negatively affect an organization’s assets.
Risk acceptance
Act of accepting the identified risk and not taking additional actions to reduce the risk because the risk is low enough. Risk acceptance should only be done once an organization’s risk tolerance is defined and communicated amongst the decision-makers.
Mission Essential Function
Things that must be performed by an organization to meet its mission. For example, the Army being able to deploy its soldiers is a mission-essential function.
Critical system
A system whose failure would prevent a mission-essential function from being performed. For example, the Army being able to deploy its soldiers is a mission-essential function. If they couldn’t do that because a network server is offline, then that server would be considered a critical system and should be prioritized for higher security and better defenses.