Risk Management

Question 1

BIA

Answer 1

Business Impact Analysis

Evaluates effects of disruptions on business functions

Question 2

RPO

Answer 2

Recovery Point Objective

○ Maximum acceptable data loss measured in time
○ Point in time data must be restored to

Question 3

MTTR

Answer 3

Mean Time To Repair

Question 4

MTBF

Answer 4

Mean Time Between Failures

Question 5

Risk Register

Answer 5

Records identified risks, descriptions, impacts, likelihoods, and mitigation actions

Question 6

Risk Tolerance/Risk Appetitie

Answer 6

Willingness to pursue or retain risk.

Expansionary, Conservative or Neutral

Question 7

KRIs

Answer 7

Key Risk Indicators

Predictive metrics signaling increasing risk exposure

Question 8

Risk Owner

Answer 8

Responsible for managing the risk

Question 9

Qualitative Risk Analysis

Answer 9

Assesses risk based on potential impact and likelihood. Subjective and relies on expertise and experience

Question 10

Quantitative Risk Analysis

Answer 10

Provides objective and numerical evaluation of risks.

Question 11

EF

Answer 11

Exposure Factor

Proportion of asset lost in an event (0-100%)

Question 12

SLE

Answer 12

Single-Loss Expectancy

Monetary value expected to be lost in a single event.

Asset Value x Exposure Factor

Question 13

ARO

Answer 13

Annualized Rate of Occurrence

Estimated yearly frequency of risk incident

Question 14

ALE

Answer 14

Expected annual loss from a risk

SLE x ARO

Question 15

Risk Transference

Answer 15

Shift risk to another party (insurance, contract idemnity)

Question 16

Risk Acceptance

Answer 16

Acknowledge and deal with risk if it occurs.

Used when managing the risk outweighs potential loss

Question 17

Risk Avoidance

Answer 17

Change plan or strategy to eliminate a risk

Chosen when the risk is too great to accept or transfer

Question 18

Risk Mitigation

Answer 18

Take steps to reduce likelihood or impact of risk

Question 19

Residual Risk

Answer 19

Likelihood after mitigation, transference or acceptence

Question 20

Control Risk

Answer 20

Assessment of how a security measure has lost effectiveness over time

Question 21

CHIPS Act of 2022

Answer 21

■ U.S. federal statute providing funding to boost semiconductor research and
manufacturing in the U.S.
■ Aims to reduce reliance on foreign-made semiconductors, strengthen the domestic supply chain, and enhance security

Question 22

MSP

Answer 22

Managed Service Provider

Manage IT services on behalf of organizations

Question 23

Right-to-Audit clause

Answer 23

Contract provision allowing organizations to evaluate vendor’s internal processes
for compliance

Question 24

Vendor Questionnaire

Answer 24

Comprehensive documents filled out by potential vendors

Provide insights into operations, capabilities, and
compliance

Question 25

Rules of Engagement

Answer 25

Guidelines for interaction between organization and vendors

Question 26

Vendor Monitoring

Answer 26

Mechanism used to ensure that the chosen vendor still aligns with organizational needs and standards

Question 27

SLA

Answer 27

Service Level Agreement Defines the standard of service a client can expect from a provider. Includes performance benchmarks and penalties for deviations

Question 28

MOA

Answer 28

Memorandum of Agreement Formal, outlines specific responsibilities and controls

Question 29

MOU

Answer 29

Memorandum of Understanding Less binding than MOA. Expresses mutual intent without specifics.

Question 30

MSA

Answer 30

Master Service Agreement Covers general terms of engagement across multiple transactions

Question 31

SOW

Answer 31

Statement of Work Specifies project details, deliverables, timelines, and milestones. Provides in-depth project-related information

Question 32

NDA

Answer 32

Non-Disclosure Agreement Ensures confidentiality of sensitive information shared during negotiations

Question 33

BPA or JVA

Answer 33

Business Partnership Agreement or Joint Venture Agreement ● Goes beyond basic contracts when two entities collaborate ● Outlines partnership nature, profit-sharing, decision-making, and exit strategies ● Defines ownership of intellectual property and revenue distribution