6. Legal, Risk and Compliance - 1. Risk Assessment

risk assessment

What type of assessment identifies and prioritizes risks?

Threat

What is the term for some external force that jeopardizes the security of your information or systems?

Threat Vector

What are the specific methods that threats use to exploit a vulnerability?

Risk

What is the combination of a vulnerability and a corresponding threat?

Because we have to carefully think about the environments in which we operate.

How does cloud computing complicate our risk assessment process?

By likely hood and impact

How are risks ranked?

True

True or False?

Security professionals performing a quantitative risk assessment do so for a single risk asset pairing at a time.

Exposure Factor (EF)

What is the expected percentage of damage to an asset?

asset value(AV) * exposure factor(EF) - single loss expectancy (SLE)

What is the formula for the single loss expectancy (SLE)?

single loss expectancy (SLE) * annualized rate of occurrence (ARO) = annual loss expectancy (ALE)

What is the formula for the annual loss expectancy (ALE)?

Mean Time to Failure (MTTF)

Quantitative techniques also help us assess our ability to restore IT services and components quickly in the event of a failure. For non-repairable assets, those that we cannot fix, what is the important metric?

Mean Time to Failure (MTTF)

What is the term that describes the average time a nonrepairable component will last?

Mean Time Between Failures (MTBF)

What term describes the average amount of time that passes between failures of a repairable asset?

Mean Time To Repair (MTTR)

What term describes the amount of time that an asset will be out of service for repair each time that it fails?