Risk Management

Last updated 5:51 PM on 6/22/26

38 Terms

1

Risk Management

Process of identifying, analyzing, treating, monitoring and reporting risks

2

Risk

Analyzed based on Impact + probability

3

Risk Assessment Frequency: Ad-Hoc

Assessments that are performed as and when needed.

-As a response to a specific event that has the potential to introduce new risk.

(New product release, Change in regulation)

4

Risk Assessment Frequency: One-time

Conducted for a specific purpose and are not repeated

(New IT system implemented, Organizational change)

6

Risk Assessment Frequency: Continuous

Ongoing monitoring and evaluation of risk.

7

Risk Identification Process

Recognizing potential risks and conducting a business impact analysis.

8

Business Impact Analysis

Evaluating the effects of a potential disruption to an organization’s business functions and processes.

Metrics:

-Recovery Time Objective (RTO)

-Recovery Point Objective (RPO)

-Mean Time to Repair (MTTR)

-Mean Time Between Failures (MTBF)

10

Recovery Point Objective (RPO)

The maximum acceptable amount of data loss measured in time.

11

Mean Time to Repair (MTTR)

The average time needed to repair a failed component or system

12

Mean Time Between Failures (MTBF)

Average time between failures

13

Risk Register (Risk Log)

A document that has all the identified risks

Including:

  • Description

  • Impact

  • Likelihood

  • Mitigation

  • Cost $

14

Risk Tolerance / Acceptance

The maximum amount of risk an organization is willing to accept

15

Risk Appetite

An organization's approach to risk-taking

16

Risk Appetite: Expansionary

Is open to taking more risk in hopes of greater returns

17

Risk Appetite: Conservative

Will not take on a lot of risk, even if it leads to lower returns

18

Risk Appetite: Neutral

Balance between risk and return

19

Key Risk Indicators (KRIs)

Predictive Metrics used to signal rising risk levels in different parts of the enterprise. (Early warning system for potential risk)

20

Risk Owner

Person/Group responsible for managing the risk

21

Qualitative Risk Analysis

Method of assessing risks based on their potential impact and the likelihood of their occurrence.

  • Categories (High, Medium, Low)

22

Impact

Potential damage to an operation if the risk occurs.

23

Quantitative Risk Analysis

Method of evaluating risk that uses numerical measurements.

  • Exposure Factor (EF)

  • Single Loss Expectancy (SLE)

  • Annualized Rate of Occurrence (ARO)

  • Annualized Loss Expectancy (ALE)

24

Exposure Factor (EF)

Proportion of an asset that is lost in an event

25

Single Loss Expectancy (SLE)

Monetary value expected to be lost in a single event

(Asset x EF) = SLE

26

Annualized Rate of Occurrence (ARO)

Estimated frequency with which a threat is expected to occur within a year.

27

Annualized Loss Expectancy (ALE)

Expected Annual loss from a risk

(SLE x ARO)

28

Risk Management Strategies

  • Transfer

  • Accept

  • Avoid

  • Mitigate

29

Risk Management: Transfer / Sharing

Involves shifting risk from the organization to another party

(Insurance or Contract Indemnity)

30

Risk Management: Acceptance

Recognizing a risk and choosing to address it when it happens with any mitigation.

(When cost of prevention > potential loss)

31

Exemption

A provision that grants an exception from a specific rule or requirement

32

Exception

Provision that permits a party to bypass a rule in certain situations.

33

Risk Management: Avoidance

Altering plans to eliminate a risk

(When risk is too great to accept or transfer)

34

Risk Management: Mitigation

Implementing measures to decrease the likelihood or impact of a risk

35

Risk Monitoring

Tracking identified risks, assessing new risks, carrying out response plans, and evaluating their effect during a project's lifecycle

36

Residual Risk

Likelihood and impact that remain after implementing mitigation, transference, or acceptance measures for the initial risk

37

Control Risk

Assessment of how a security measure has lost effectiveness over time

38

Risk Reporting

Communicating information about risk management actions