1/28
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Ad Hoc
A risk assessment conducted in response to a specific event or situation, such as a new project, technology implementation, or significant change in the business environment and are often performed quickly to address a particular concern or set of circumstances
Recurring
A risk assessment performed at regular intervals, such as annually or quarterly, and are meant to track the evolution of risks over time, monitor changes in the risk profile, and ensure that risk management practices are adapting to new threats and vulnerabilities
One-Time
A risk assessment that offers the organization a point in time view of its current risk state, and are done in response to a security incident, at the request of management, or at any other time when the organization wants a snapshot of its risk profile
Continious
A risk assessment that involves ongoing monitoring and analysis of risks, and includes automated systems that constantly scan for new threats or change sin the risk environment, as well as regular reviews and updates to the risk management strategy, enabling organizations to respond more quickly and effectively to emerging risks
Quantitative Risk Analysis
A risk assessment that uses numeric data in analysis, resulting in assessments that allow the very straightforward prioritization of risks
Qualitative Risk Analysis
A risk assessment that substitutes subjective judgements and categories for strict numerical analysis, allowing the assessment of risks that are difficult to quantify
Single Loss Expectancy (SLE)
The amount of financial damage expected each time a risk materializes and is calculated by multiplying the Asset Value with the Exposure Factor
Annualized Loss Expectancy (ALE)
The amount of damage expected from a risk each year, and is calculated by multiplying the Single Loss Expectancy and the Annualized Rate of Occurance
Annualized Rate of Occurrence (ALO)
The number of times the risk is expected each year
Exposure Factor
The percentage of the asset expected to be damaged
Key Risk Indicators
Metrics used to measure and provide early warning signals for increasing levels of risk, and help in tracking the effectiveness of risk mitigation efforts and make sure that the residual risk stays within the risk appetite
Risk Owner
The individual or entity responsible for managing and monitoring risks, including implementing necessary controls and actions to mitigate them
Risk Tolerance
The ability to withstand risks and continue operations without any significant impact
Risk Threshold
The specific level at which a risk becomes unacceptable, is the actual boundary that will trigger some action or decision, and is usually more quantitative, defining clear points or values
Risk Appetite
The level of risk that an organization is willing to accept as a cost of doing business
Expansionary Risk Appetite
Organizations willing to take on higher levels of risk in pursuit of potential higher rewards, and are suitable for organizations looking to grow aggressively, innovate, or capture market share by engaging with new ventures, investments, or technologies
Neutral Risk Appetite
Organizations that take a balanced approach to risk since they are willing to take on moderate levels of risk to achieve steady growth and returns by aiming for stability and moderate growth, usually opting for more secure investments and projects
Conservative Risk Appetite
Organizations that avoid high risks and focus on maintaining stability and protecting existing assets, prioritizing security and preservation over high growth, and are common in highly regulated industries or where the consequences of risks are severe
Risk Transferrence
Shifts some of the impact of a risk from the organization experiences the risk to another entity, like purchasing an insurance policy that covers a risk
Risk Acceptance
Deliberately choosing to take no other risk management strategy and to simply continue operations as normal in face of the risk
Risk Exemption
Formally acknowledging the risk and including documentation to ensure that there is a record of the decision-making process
Risk Exception
Acknowledging the risk and deciding to accept it for certain reasons, such as the cost of mitigating outweighing the cost of the risk
Risk Avoidance
Changing business practices to completely eliminate the potential that a risk will materialize, though could have a serious detrimental impact on the business
Risk Mitigation
The process of applying security controls to reduce the probability and/or magnitude of a risk, and is the most popular risk management strategy
Risk Reporting
Communicating the status of evolution of risks to stakeholders within the organization so that decision-makers are aware of the current risk landscape and can make informed choices regarding risk mitigation strategies
Recovery Time Objective (RTO)
The amount of time that the organization can tolerate a system being down before it is repaired
Recovery Point Objective (RPO)
The amount of data that the organization can tolerate losing during an outage
Mean Time to Repair (MTTR)
The average amount of time to restore a system to its normal operating state after a failure
Mean Time Between Failures (MTBF)
The expected amount of time that will elapse between system failures