QS0011-03: Risk Analysis Flashcards
QS0011-03: Risk Analysis
What is the meaning of Risk Analysis?
Risk analysis identifies and analyzes potential issues that could negatively impact key business initiatives or projects. This process is done to help organizations avoid or mitigate those risks.
QS0011-02: Risk Analysis
Name examples of the tools for measuring risk.
SWOT, fishbone, risk registers, and risk matrices
QS0011-02: Risk Analysis
What are the three security objectives?
- Confidentiality
- Integrity
- Availability
QS0011-02: Risk Analysis
Which two factors determine the risk level in the Risk Assessment matrix?
The risk matrix is based on two intersecting factors: the likelihood that the risk event will occur and the potential impact the risk event will have on the business.
QS0011-02: Risk Analysis
Describe three levels of a potential impact
- *1. Low:** “The potential impact is low if—The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
- *2. Moderate:** “The potential impact is moderate if—The loss of confidentiality, integrity, or availability could be expected to have a severe adverse effect on organizational operations, organizational assets, or individuals.
- *3. High:** “The potential impact is high if—The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
QS0011-02: Risk Analysis
What are the three steps of a Risk Analysis?
- Risk Assessment
- Risk Treatment
- Risk Review
What are the steps in the Risk Assessment?
- Identification
- Analyze
- Evaluation
What events need to be included in the Risk Review?
- Change control
- CAPA/Deviations
- Security
