ERM
Enterprise Risk Management involves identifying potential events affecting an entity and managing risks within its risk appetite.
Risk Appetite
The level of risk an organization is willing to accept in pursuit of its business objectives.
Risk Universe
A comprehensive list of all possible risks that could impact an organization's objectives.
KRI
Key Risk Indicators are metrics signaling increasing risk exposures in various areas of an enterprise.
ALE
Annual Loss Expectancy is the expected loss per year calculated as Single Loss Expectancy * Annualized Rate of Occurrence.
SLE
Single Loss Expectancy is the potential loss amount for a single event impacting a company.
ARO
Annualized Rate of Occurrence represents the estimated frequency of a specific threat happening within a year.
Leading Indicators
Proactive metrics identifying emerging trends for risks to enable preventive actions.
Lagging Indicators
Reactive metrics providing information about past events and their impacts.
Three Lines of Defense
A risk governance model involving Risk Owners, Risk Oversight, and Risk Assurance to manage risks effectively.
Risk Owners
First line of defense responsible for managing risks within their respective business areas.
Risk Oversight
Second line of defense providing oversight and guidance on risk management across the organization.
Risk Assurance
Third line of defense ensuring the effectiveness of risk management processes and controls.
IT Risk
Potential events related to IT systems that could have adverse effects on business operations.
Risk Management Framework
A structured approach to identify, assess, and mitigate risks in alignment with organizational objectives.
Risk Language
Common terminology used to communicate and assess risks consistently across an organization.
Risk Reporting
The process of documenting and communicating information about risks to relevant stakeholders.
Risk Mitigation
Actions taken to reduce the likelihood or impact of identified risks.
Risk Assessment
The process of evaluating potential risks to determine their likelihood and impact on business objectives.
Risk Governance
The structure and processes through which an organization manages risks effectively.
Risk Framework
A set of tools, practices, and guidelines for managing risks consistently within an organization.
Risk Culture
The values, beliefs, and behaviors related to risk within an organization.
Risk Strategy
A plan outlining how an organization intends to manage and respond to risks to achieve its objectives.
Risk Monitoring
The ongoing process of tracking and evaluating risks to ensure they are within acceptable levels.
Risk Response
The actions taken to address identified risks, including acceptance, avoidance, mitigation, or transfer.
Risk Register
A documented list of identified risks, their likelihood, impact, and planned responses.
Risk Tolerance
The level of risk that an organization is willing to accept or retain.