Risk Management Fundamentals Flashcards
Risk management
Risk management is the practice of identifying, assessing, controlling, and mitigating risks.
Threats
A threat is an activity that represents a possible danger.
Asset
An asset is a thing of value worth protecting.
Vulnerability
A vulnerability is a weakness.
Impact of loss
Impact of loss is a loss resulting in a compromise to business functions or assets.
Business functions
Business functions are the activities a business performs to sell products or services.
Denial of service (DoS) attack
An organization receives several emails that are unrelated to business functions, which temporarily clog up email space and make that work resource unavailable.
Social engineering
A person calls an organization pretending to have a legitimate purpose and attempts to trick someone in the organization into divulging personal or protected information. This is a form of impersonation, which can compromise the organization's business functions and lead to losses.
What is CIA?
Confidentiality, integrity, and availability.
Tangible value
Tangible value is the actual cost of the asset and can be expressed in monetary terms, such as $5000.
What is considered tangible?
Computer systems, network components, software applications, and data
What is intangible value?
Intangible value is value that cannot be measured by cost such as client confidence or company reputation.
What is GAAP?
GAAP is generally accepted accounting principles.
What is the equation for loss in this chapter?
The equation for loss is lost revenue plus repair costs equals total tangible value.
What is future lost revenue?
Future lost revenue is any additional purchases customers make with another company; these are a loss to the company whose website was down.
What is cost of gaining the customer?
Large sums of money are invested in attracting customers. Selling to a repeat customer is much easier than acquiring a new customer. If a company loses a customer, the company's investment is lost.
What is customer influence?
Customers have friends, families, and business partners. They commonly share their experience with others, especially if the experience is exceptionally positive or negative.
What is reputation?
Customers share their negative experiences with others, so one customer's bad experience could potentially influence other current or potential customers to avoid future business transactions.
What is impact?
The impact is the amount of loss, which can be expressed in monetary terms, such as $5000.
What are the levels of impact?
The levels of impact are very high, high, moderate, low, and very low.
What guide includes the scale for assessing the impact of threats to the business's assets?
National Institute of Standards and Technology, Guide for Conducting Risk Assessments (NIST SP 800-30).
What is an organization's weakest link?
An organization's weakest link is the organization's employees.
What is leaders' and managers' perception of risk?
Leaders and managers are concerned mostly with profitability and survivability.
What is the perception of risk for system administrators?
System administrators are responsible for protecting IT systems. When they understand the risks, they often want to lock systems down as tight as possible. Administrators are often highly technical individuals. Sometimes they lose sight of the need to balance security costs with profitability. They often view the security controls as hindrances to performing their job and don’t always recognize the importance.