Risk Management Concepts

18 Terms

1. Risk Identification

Recognizing potential risks.

2. Risk Assessment

Evaluating the likelihood and impact.

3. Risk Mitigation

A risk response strategy whereby the project team acts to reduce the probability of occurrence or impact of a risk.

4. Risk Monitoring and Review

Continuously tracking identified risks and detecting new ones.

5. Risk Planning

Identifying, analyzing, and determining how risk events will be managed for a project.

6. NIST SP 800-37

Operational-level implementation of the Risk Management Framework (RMF).

7. NIST SP 800-39

Enterprise-wide information security risk management.

8. NIST 800-37 FW Prepare

Set up a framework and establish priorities at both organizational and system levels to manage security and privacy risks. This includes understanding the context and setting clear goals.

9. NIST 800-37 FW Categorize

Analyze the system and the data it processes, stores, and transmits, and categorize them based on the potential impact if a loss occurs. This will help understand what needs to be protected and how crucial it is.

10. NIST 800-37 FW Select

Choose a preliminary set of security measures for the system and customize them as necessary to manage risk down to an acceptable level, based on a risk assessment.

11. NIST 800-37 FW Implement

Put the selected controls into action and document how they are used within the system and its operational environment. This ensures that everyone understands how and why specific security measures are being applied.

12. NIST 800-37 FW Assess

Evaluate the implemented controls to confirm they're set up correctly, functioning as intended, and achieving the desired outcomes in terms of meeting security and privacy needs.

13. NIST 800-37 FW Authorize

Approve the system or common controls for use based on a judgment that the remaining risk to the organization's operations and assets, as well as to individuals, other organizations, and the nation, is acceptable.

14. NIST 800-37 FW Monitor

Continually keep an eye on the system and its controls. This includes assessing how effective the controls are, documenting any changes to the system or its operating environment, conducting risk assessments and impact analyses, and reporting on the security and privacy status of the system.

15. NIST 800-39 Frame Risk

Establish context: define risk tolerance, assumptions, constraints, and priorities.

16. NIST 800-39 Assess Risk

Identify threats, vulnerabilities, likelihood, and impact.

17. NIST 800-39 Respond to Risk

Decide how to address risk: avoid, accept, mitigate, or share.

18. NIST 800-39 Monitor Risk

Continuously monitor risk, the effectiveness of responses, and organizational changes.