Lession 1

Question 1

What is the primary focus of the Organizational Security course?

Answer 1

Protecting organizations and society from cybersecurity threats and managing risk to support successful accomplishment of the organization’s mission and society at large.

Question 2

What are the key concepts related to the impact of cybercrimes on society?

Answer 2

• Cyber law
• Ethics
• Policy
• Privacy

Question 3

What is the aim of the unit on risk management?

Answer 3

To help students understand how risks can be managed in an organization.

Question 4

Define risk management.

Answer 4

The process of identifying, assessing, and controlling threats to an organization’s capital and earnings.

Question 5

List some sources of risks faced by organizations.

Answer 5

• Financial uncertainties
• Legal liabilities
• Technology issues
• Strategic management errors
• Accidents
• Natural disasters

Question 6

What is enterprise risk management (ERM)?

Answer 6

A holistic approach to managing risk that emphasizes anticipating and understanding risk across an organization.

Question 7

What is the aim of a risk management program?

Answer 7

To preserve and add to enterprise value by making smart risk decisions.

Question 8

What does ‘risk appetite’ refer to?

Answer 8

The amount of risk an organization is willing to accept to realize its objectives.

Question 9

True or False: Risk management aims to eliminate all risks.

Answer 9

False

Question 10

Why is risk management increasingly important in modern organizations?

Answer 10

Risks have grown more complex due to globalization and the pervasive use of digital technology.

Question 11

What has been dubbed a ‘threat multiplier’ by risk experts?

Answer 11

Climate change.

Question 12

What are some adjustments businesses made in response to the coronavirus pandemic?

Answer 12

• Adjusting employee return plans
• Making supply chains less vulnerable to crises

Question 13

What are the two types of risk management approaches compared in the text?

Answer 13

• Traditional risk management
• Enterprise risk management (ERM)

Question 14

List the five basic techniques of risk management.

Answer 14

• Avoidance
• Retention
• Spreading
• Loss Prevention and Reduction
• Transfer (through Insurance and Contracts)

Question 15

What is risk avoidance?

Answer 15

Not allowing exposure to risk, such as not releasing vehicles during severe weather.

Question 16

Explain risk retention.

Answer 16

Choosing to retain a risk or a portion of it because it may be cost-effective.

Question 17

What is loss prevention and reduction?

Answer 17

Minimizing the effect of loss in terms of frequency and severity.

Question 18

How can risk be transferred?

Answer 18

By contract or insurance, shifting financial risk from one entity to another.

Question 19

What is the purpose of hold harmless or indemnification clauses in contracts?

Answer 19

To release vendors and service providers from liability for their actions.

Question 20

What does risk identification help businesses achieve?

Answer 20

Understanding potential risks and creating solutions to challenges.

Question 21

Why is risk identification important?

Answer 21

• Identifying industry challenges
• Meeting legal standards
• Appealing to investors
• Making projects more efficient

Question 22

What is the NGT technique?

Answer 22

Nominal Group Technique, a method of brainstorming where participants write ideas individually before discussing them.

Question 23

What does a SWOT analysis evaluate?

Answer 23

• Strengths
• Weaknesses
• Opportunities
• Threats

Question 24

What are common risk factors for information assets?

Answer 24

• Cyberattacks
• Human error
• Natural disasters
• Supply chain vulnerabilities
• Regulatory compliance

Question 25

Define risk assessment.

Answer 25

The process of identifying, analyzing, and evaluating risks to information assets.

Question 26

What can damage physical equipment or disrupt network infrastructure?

Answer 26

Environmental factors ## Footnote This includes issues like power outages, floods, or fires.

Question 27

What are supply chain vulnerabilities?

Answer 27

Third-party vendors or suppliers may have their own security weaknesses that could compromise the security of information assets. ## Footnote These vulnerabilities can lead to risks in the information security of an organization.

Question 28

What is the consequence of non-compliance with laws and regulations related to data protection?

Answer 28

Legal and financial risks ## Footnote This includes potential fines and legal action against an organization.

Question 29

What is risk assessment?

Answer 29

The process of identifying, analyzing, and evaluating risks to information assets. ## Footnote The goal is to determine likelihood and potential impact of risks.

Question 30

What is the first step in the risk assessment process?

Answer 30

Asset identification ## Footnote This involves identifying and documenting the information about assets that need to be protected.

Question 31

What is involved in threat identification?

Answer 31

Identifying potential threats to the assets, such as cyberattacks, natural disasters, or human error. ## Footnote This step is crucial for understanding the context of risks.

Question 32

What does vulnerability assessment entail?

Answer 32

Assessing the vulnerabilities or weaknesses of the assets and the systems that support them. ## Footnote This helps to identify potential points of failure.

Question 33

What is risk analysis?

Answer 33

Analyzing the likelihood and potential impact of each risk and prioritizing them based on their severity. ## Footnote This is essential for effective risk management.

Question 34

What is the purpose of risk management?

Answer 34

To develop strategies to mitigate or manage the risks. ## Footnote This can include implementing security controls or developing contingency plans.

Question 35

What does risk monitoring involve?

Answer 35

Regularly reviewing and updating the risk assessment to ensure that the strategies remain effective. ## Footnote This is important for adapting to changes in the risk landscape.