Risk Identification Flashcards
Risk
The potential for negative impact on the organization, its goals or objectives, or its assets (people, systems, and data) due to a threat exploiting a vulnerability.
Risk = Threat * Identification
Risk management
All the processes associated with identifying threats and vulnerabilities, and with quantifying and addressing the risk associated with those threats and vulnerabilities.
Threat
A negative event that can lead to an undesirable outcome
Examples of a threat
A hacker who wants to encrypt your data and charge you a ransom for it
A disgruntled employee who wants to steal or sell corporate information
A fire or other natural disaster that may damage or destroy your data center
Vulnerability
A weakness or gap that exists within a system and that may be exploited by a threat actor to compromise an asset's security or trigger a risk event.
Examples of vulnerabilities
Unpatched software applications
Weak access control mechanisms (weak passwords)
Faulty fire suppression system
Assets
Anything of value which includes people, property, and information
Risk Assessment
The set of activities that involves identifying the threats and vulnerabilities that exist and determining the impact and likelihood of those threats exploiting the identified vulnerabilities.
Steps for assessing a risk
Risk identification
Risk analysis
Risk evaluation
Risk treatment