Question and answer style flashcards covering key aspects of various risk management frameworks, including NIST RMF, NIST CSF, ISO/IEC 27005, COBIT, and FAIR.
What are the 7 steps of the NIST RMF?
Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor.
What are the 5 core functions of the NIST CSF?
Identify, Protect, Detect, Respond, Recover.
Which framework uses financial modeling to quantify risk?
FAIR (Factor Analysis of Information Risk).
Which framework is part of the ISO 27000 series?
ISO/IEC 27005.
What is the main use case for COBIT?
IT governance and aligning security with business objectives.
Which risk management framework is used by the U.S. government and contractors?
NIST RMF (Risk Management Framework)
Which risk management framework is used broadly in the private sector and critical infrastructure and is friendly to non-technical audiences?
NIST CSF (Cybersecurity Framework)
Which framework focuses on risk assessment, treatment, monitoring, and ISMS integration (ISO 27001)?
ISO/IEC 27005
Which framework is used for IT governance, performance measurement, and risk optimization?
COBIT (Control Objectives for Information and Related Technologies)
Which risk analysis framework uses financial modeling, focusing on financial impact and probabilistic risk calculation, and measures risk in dollars?
FAIR (Factor Analysis of Information Risk)