Semis 1

Question 1

“a situation involving exposure to danger” according to Oxford Dictionary

Answer 1

RISK

Question 2

“a probability or threat of damage, injury, loss, or any other negative occurrence that is caused by external or internal vulnerabilities, and that may be avoided through pre-emptive action.”

Answer 2

RISK in the business world

Question 3

According to ___: “Risk is the combination of the danger of exposure and the impact = combination of (the likelihood of the threat being able to expose an element(s) of the system) and impact”.

Answer 3

Information Security Risk Management ISO/IEC 27001

Question 4

According to Information Security Risk Management ISO/IEC 27001: “Risk is the ___ = combination of (the likelihood of the threat being able to expose an element(s) of the system) and impact”.

Answer 4

combination of the danger of exposure and the impact

Question 5

A risk is a ___.

Answer 5

potential for a loss

Question 6

It is a central consideration in decision-making, strategy, planning projects, and day-to-day operations.

Answer 6

risk

Question 7

A software developer estimates an undertaking (task) will require 3 days that winds up requiring 60 days.

Answer 7

Planning a Budget

Question 8

Unclear and conflicting interpretations of scope (coverage) cause a project to run over-budget.

Answer 8

Scope Creep

Question 9

there are those in a company who passively resist the implementation of the new technology because it will make their jobs difficult to do.

Answer 9

Resistance to Change

Question 10

combination or merger of technical parts fails requiring a redesign.

Answer 10

Integration

Question 11

the lead person or those who are important to the success of the project suddenly quits.

Answer 11

Resources

Question 12

a technology vendor fails to follow the terms of the contract resulted in downtime of a critical system.

Answer 12

Contract

Question 13

an argument with a partner causes distractions, negative behavior, and work slowdown.

Answer 13

Disputes

Question 14

a cloud platform upgrade is delayed 4 months, causing a crisis for a variety of software projects built on the new technology.

Answer 14

Dependencies

Question 15

no one knows how to fix a machine breakdown because the only person who knows how to fix it on leave.

Answer 15

Skills

Question 16

a platform redesign causes complaints due to usability issues.

Answer 16

Design

Question 17

a security incident brings down the patient care and administrative system at a hospital, endangering patient care.

Answer 17

Information Security

Question 18

the new technology acquired does not properly support the processes of the business causing the project to be declared a failure.

Answer 18

Technology

Question 19

It is the potential of losses due to technology failures.

Answer 19

Technology Risk

Question 20

Technology risk is any potential for ___ to upset ___ like ___ or ___.

Answer 20

technology failures; business; data security incidents; administration blackouts

Question 21

Technology Risk Examples:

 An e-commerce website crashes resulting to ___.

 A technology project ___ and fails to meet goals set out in its business case.

 A security incident result in the ___ resulting in legal liability, reputational damage, and compliance issues.

 A trading algorithm makes a series of illogical trades that result in ___.

Answer 21

loss of revenue;
goes over budget;
theft of customer data;
losses

Question 22

4 main causes of Technology Risk

Answer 22

 Activities of Individuals
 Systems and Technology Failures
 Failed Internal Processes
 External Events

Question 23

activities that individuals either perform or neglect to perform that actually cause harm.

Answer 23

Activities of Individuals

Question 24

These individuals can be insiders or outsiders; their activities can be incidental or deliberate, or the result of no action at all.

Answer 24

Activities of Individuals

Question 25

reflects the unusual or unexpected functioning of technology. This can include equipment, software or integrated systems.

Answer 25

Systems and Technology Failures

Question 26

the failure of internal processes to proceed on a case to case basis or expected. This comes from poor process design or execution, or faulty process controls.

Answer 26

Failed Internal Processes

Question 27

events that are by and large (but not always) outside the business control; these include calamities, infrastructure failures, legal issues, business issues, and service dependencies.

Answer 27

External Events

Question 28

Seven Steps to Minimize Technological Risks

Answer 28

 Identify key risks, measure probability, and impact
 Analyze security threats
 Analyze risk of hardware and software failure
 Analyze outsourcing risks
 Identify controlled technology
 Measuring impact
 Rank potential risks and specify desired outcomes

Question 29

When the data is gathered, organizations recognize the vital areas of concern and measure, the likelihood of event and effect on their business activities. This helps the organization in the improvement of a relief (rescue) plan, should the business push ahead. Numerous organizations will enlist IT experts to help with the process.

Answer 29

Identify key risks, measure probability, and impact

Question 30

This can include outside dangers, for example, cyber-crime and cyber-terrorism, as well as internal dangers, like the distribution of restricted information. Organizations should audit (review) the security requirements related to the following areas:
 System access and controls
 Authentication
 Transaction authorization
 Data integrity
 Audit trail
 Security event tracking
 Exception handling
 System activity logging

Answer 30

Analyze security threats

Question 31

Organizations should consider what the risk of equipment and/or software failure involves for the venture and for overall activities. How stable is the equipment and software the organization uses or plans to use? What are the potential results of disappointment (failure)?

Answer 31

Analyze risk of hardware and software failure

Question 32

It is exceptionally normal for organizations to recruit outside organization to deal with system improvement and support, network organization, disaster recovery services, application hosting, and distributed (cloud) computing. It is crucial that organizations select vendors cautiously, to guarantee their feasibility, ability, dependability, track record, and financial position.

Answer 32

Analyze outsourcing risks

Question 33

Organizations buying and selling technology should explore what is controlled technology in their area. This information could be plans, manuals, models, etc. It very well may be written, printed, recorded, saved electronically, spoken or passed on some other way. Organizations should access services and publications in relevant jurisdictions to obtain more specific information about controlled technology and possible exclusions.

Answer 33

Identify controlled technology

Question 34

When the unfamiliar actual resource chances have been investigated, their potential effect should be estimated.

Answer 34

Measuring impact

Question 35

When the information is gathered and dissected, the organization arrives at a decision point. This choice cannot be made by considering technology risk alone. When all the risk factors have been analyzed, an organization must choose from the risk management options. These are:
 Risk avoidance
 Risk transfer
 Risk reduction
 Risk retention

Answer 35

Rank potential risks and specify desired outcomes

Question 36

An ___ must prepare a strategy based on the risk management option they have chosen

Answer 36

organization

Question 37

Types of Technology Risks

Answer 37

 Architecture Risk
 Availability
 Benefit Shortfall
 Budget Risk
 Change Control
 Data Loss
 Data Quality
 Design Debt
 Facility
 Infrastructure Risk
 Process Risk
 Security Threats

Question 38

IT structures that neglect to keep up with operations or projects.

Answer 38

Architecture Risk

Question 39

Downtime of IT services.

Answer 39

Availability

Question 40

Investments in IT that neglect to accomplish estimated profit from investment.

Answer 40

Benefit Shortfall

Question 41

IT programs, projects or operations groups that go over financial (budget) plan. Generally speaking, going under financial plan is viewed as a positive gamble.

Answer 41

Budget Risk

Question 42

An inability to control change to complex systems including practices like change management and configuration management.

Answer 42

Change Control

Question 43

Loss of data that cannot be re-established.

Answer 43

Data Loss

Question 44

Low quality data that causes loss due to factors, for example, process failures, compliance issues or declining consumer satisfaction.

Answer 44

Data Quality

Question 45

A bad quality plan that results in future expenses.

Answer 45

Design Debt

Question 46

Risks connected with offices, for example, data centers.

Answer 46

Facility

Question 47

Failures of essential services like networks, power and computing resources.

Answer 47

Infrastructure Risk

Question 48

The likelihood for processes to be disturbed by IT failures.

Answer 48

Process Risk

Question 49

Security dangers, for example, malware and programmers.

Answer 49

Security Threats

Question 50

Types of IT Dangers

Answer 50

 General IT Threats
 Criminal IT threats
 Natural disasters and IT systems

Question 51

General IT Threats:

Answer 51

o Hardware and Software Failure
o Malware
o Viruses
o Spam, Scams and Phishing
o Human Error

Question 52

such as power loss or data corruption

Answer 52

Hardware and Software Failure

Question 53

malicious software designed to disrupt computer operation

Answer 53

Malware

Question 54

computer code that can copy itself and spread from one computer to another, often disrupting computer operations

Answer 54

Viruses

Question 55

unsolicited email that seeks to fool people into revealing personal details or buying fraudulent goods

Answer 55

Spam, Scams and Phishing

Question 56

incorrect data processing, careless data disposal, or accidental opening of infected email attachments.

Answer 56

Human Error

Question 57

General threats to IT systems and data

Answer 57

General IT Threats

Question 58

Specific or targeted criminal threats to IT systems and data

Answer 58

Criminal IT threats

Question 59

Criminal IT threats:

Answer 59

o Hackers
o Fraud
o Passwords Theft
o Denial-of-Service
o Security Breaches
o Staff Dishonesty

Question 60

people who illegally break into computer systems

Answer 60

Hackers

Question 61

using a computer to alter data for illegal benefit

Answer 61

Fraud

Question 62

often a target for malicious hackers

Answer 62

Passwords Theft

Question 63

online attacks that prevent website access for authorised users

Answer 63

Denial-of-Service

Question 64

includes physical break-ins as well as online intrusion

Answer 64

Security Breaches

Question 65

theft of data or sensitive information, such as customer details

Answer 65

Staff Dishonesty

Question 66

Natural disasters such as fire, cyclone and floods also present risks to IT systems, data and infrastructure.

Answer 66

Natural disasters and IT systems

Question 67

Damage to buildings and computer hardware can result in loss or corruption of customer records/transactions.

Answer 67

Natural disasters and IT systems