5.2 Security Program Management and Oversight

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/28

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 3:17 PM on 7/8/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

29 Terms

1
New cards

Ad Hoc

A risk assessment conducted in response to a specific event or situation, such as a new project, technology implementation, or significant change in the business environment and are often performed quickly to address a particular concern or set of circumstances

2
New cards

Recurring

A risk assessment performed at regular intervals, such as annually or quarterly, and are meant to track the evolution of risks over time, monitor changes in the risk profile, and ensure that risk management practices are adapting to new threats and vulnerabilities

3
New cards

One-Time

A risk assessment that offers the organization a point in time view of its current risk state, and are done in response to a security incident, at the request of management, or at any other time when the organization wants a snapshot of its risk profile

4
New cards

Continious

A risk assessment that involves ongoing monitoring and analysis of risks, and includes automated systems that constantly scan for new threats or change sin the risk environment, as well as regular reviews and updates to the risk management strategy, enabling organizations to respond more quickly and effectively to emerging risks

5
New cards

Quantitative Risk Analysis

A risk assessment that uses numeric data in analysis, resulting in assessments that allow the very straightforward prioritization of risks

6
New cards

Qualitative Risk Analysis

A risk assessment that substitutes subjective judgements and categories for strict numerical analysis, allowing the assessment of risks that are difficult to quantify

7
New cards

Single Loss Expectancy (SLE)

The amount of financial damage expected each time a risk materializes and is calculated by multiplying the Asset Value with the Exposure Factor

8
New cards

Annualized Loss Expectancy (ALE)

The amount of damage expected from a risk each year, and is calculated by multiplying the Single Loss Expectancy and the Annualized Rate of Occurance

9
New cards

Annualized Rate of Occurrence (ALO)

The number of times the risk is expected each year

10
New cards

Exposure Factor

The percentage of the asset expected to be damaged

11
New cards

Key Risk Indicators

Metrics used to measure and provide early warning signals for increasing levels of risk, and help in tracking the effectiveness of risk mitigation efforts and make sure that the residual risk stays within the risk appetite

12
New cards

Risk Owner

The individual or entity responsible for managing and monitoring risks, including implementing necessary controls and actions to mitigate them

13
New cards

Risk Tolerance

The ability to withstand risks and continue operations without any significant impact

14
New cards

Risk Threshold

The specific level at which a risk becomes unacceptable, is the actual boundary that will trigger some action or decision, and is usually more quantitative, defining clear points or values

15
New cards

Risk Appetite

The level of risk that an organization is willing to accept as a cost of doing business

16
New cards

Expansionary Risk Appetite

Organizations willing to take on higher levels of risk in pursuit of potential higher rewards, and are suitable for organizations looking to grow aggressively, innovate, or capture market share by engaging with new ventures, investments, or technologies

17
New cards

Neutral Risk Appetite

Organizations that take a balanced approach to risk since they are willing to take on moderate levels of risk to achieve steady growth and returns by aiming for stability and moderate growth, usually opting for more secure investments and projects

18
New cards

Conservative Risk Appetite

Organizations that avoid high risks and focus on maintaining stability and protecting existing assets, prioritizing security and preservation over high growth, and are common in highly regulated industries or where the consequences of risks are severe

19
New cards

Risk Transferrence

Shifts some of the impact of a risk from the organization experiences the risk to another entity, like purchasing an insurance policy that covers a risk

20
New cards

Risk Acceptance

Deliberately choosing to take no other risk management strategy and to simply continue operations as normal in face of the risk

21
New cards

Risk Exemption

Formally acknowledging the risk and including documentation to ensure that there is a record of the decision-making process

22
New cards

Risk Exception

Acknowledging the risk and deciding to accept it for certain reasons, such as the cost of mitigating outweighing the cost of the risk

23
New cards

Risk Avoidance

Changing business practices to completely eliminate the potential that a risk will materialize, though could have a serious detrimental impact on the business

24
New cards

Risk Mitigation

The process of applying security controls to reduce the probability and/or magnitude of a risk, and is the most popular risk management strategy

25
New cards

Risk Reporting

Communicating the status of evolution of risks to stakeholders within the organization so that decision-makers are aware of the current risk landscape and can make informed choices regarding risk mitigation strategies

26
New cards

Recovery Time Objective (RTO)

The amount of time that the organization can tolerate a system being down before it is repaired

27
New cards

Recovery Point Objective (RPO)

The amount of data that the organization can tolerate losing during an outage

28
New cards

Mean Time to Repair (MTTR)

The average amount of time to restore a system to its normal operating state after a failure

29
New cards

Mean Time Between Failures (MTBF)

The expected amount of time that will elapse between system failures