Risk Management Flashcards
(30 cards)
Risk Assessment
Identifies and triages risks
Threat
External forces that jeopardize security
Threat vector
Methods used by an attacker
Vulnerabilities
Weaknesses in your security controls
Likelihood
Probability that a risk will occur
Impact
Amount of damage that will occur
Qualitative techniques
Subjective rating to evaluate risk likelihood and impact
Quantitative techniques
Numerical ratings to evaluate risk likelihood and impact
Risk treatment
Analyzes and implements responses to control risk
Risk avoidance
Change business practices to make a risk irrelevant
Risk transference
Shift the risk from your organization to another organization
Risk mitigation
Reduces the likelihood or impact of a risk
Risk acceptance
Choice to continue operations in the face of risk
Risk profile
Set of risks an organization faces
Inherent risk
Initial level of risk that exists in the organization before any controls are applied
Residual risk
Risk left after controls are implemented
Control risk
New risks from adding controls
Risk tolerance
Level of risk an organization will accept
Security controls
Reduce the likelihood or impact of a risk and help identify issues
Control purpose
Preventative
Detective
Corrective
Control mechanism
Technical
Administrative
Physical
Preventative controls
Stop a security issue from occurring, e.g. a firewall
Detective controls
Identify security issues requiring investigation, e.g. IPS, antivirus
Recovery controls
Remediate security issues that have occurred, e.g. restoring from backup