17 Risk Management & Privacy

Question 1

What helps organizations prioritize cybersecurity efforts?

Answer 1

Risk identification and assessment

This process involves identifying all risks and conducting a business impact analysis.

Question 2

What do cybersecurity analysts conduct to assess the potential degree of risk?

Answer 2

Business impact analysis

This analysis is based on the probability of occurrence and the magnitude of potential effects.

Question 3

What is a source of external risk for organizations?

Answer 3

Vendors

Organizations should conduct supply chain assessments to mitigate risks from vendors.

Question 4

What reduces the likelihood that a previously unidentified risk at a vendor will negatively impact the organization?

Answer 4

Vendor due diligence

This involves assessing the vendor’s systems as part of risk assessment practices.

Question 5

What technique verifies that hardware was not tampered with after leaving the vendor’s premises?

Answer 5

Hardware source authenticity techniques

Hardware-based authentication techniques use physical devices to verify a user’s identity, adding an extra layer of security beyond passwords. These methods often involve cryptographic tokens or smart cards that generate one-time passwords or digital signatures to authenticate users. Examples include USB tokens, keyfobs, and smart cards.

These techniques are crucial for ensuring the integrity of hardware.

Question 6

Name one risk management strategy that changes business practices to make a risk irrelevant.

Answer 6

Risk avoidance

This strategy modifies practices to eliminate the risk.

Question 7

What are techniques that seek to reduce the probability or magnitude of a risk called?

Answer 7

Risk mitigation techniques

These techniques aim to lessen the impact or chance of risks occurring.

Question 8

What approach moves some of the risk to a third party?

Answer 8

Risk transference

This strategy involves outsourcing certain risks to external entities.

Question 9

What does risk acceptance acknowledge?

Answer 9

The presence of the risk

Organizations continue normal operations despite the risk being acknowledged.

Question 10

What does disaster recovery planning aim to build?

Answer 10

Resiliency

This planning is activated during natural or human-made disasters.

Question 11

What does a disaster recovery plan help an organization do?

Answer 11

Quickly recover its information and systems

The plan is essential for resuming normal operations after a disruption.

Question 12

What should organizations develop to protect sensitive personal information?

Answer 12

Privacy programs

These programs protect personal information from misuse and unauthorized disclosure.

Question 13

What types of information should privacy programs cover?

Answer 13

• Personally identifiable information (PII)
• Protected health information (PHI)
• Financial information
• Other records impacting personal privacy

These elements are crucial for maintaining individual privacy.