What is Asset Valuation in cybersecurity?
Assigning financial value to information assets in transit, at rest, or in use.
What is the purpose of Benchmarking in cybersecurity?
Comparing security processes with peer organizations to determine acceptable standards and asset valuation practices.
What does a Business Continuity (BC) Plan aim to achieve?
Keeps business operations running when disasters exceed the capabilities of the Disaster Recovery plan.
What are the three core pillars of information security in the CIA Triad?
Confidentiality, Integrity, and Availability.
What is Cost Avoidance?
Preventing financial loss by putting controls in place.
What is the focus of Cost-Benefit Analysis (CBA) in cybersecurity?
Determining if a security control is economically worth implementing.
What does Cybersecurity encompass?
The complete set of controls created to protect an organization’s information assets.
What does Cybersecurity Risk refer to?
Risks arising from losing confidentiality, integrity, or availability of information assets.
How does Cybersecurity Risk Mitigation work?
Using prevention, detection, and remediation processes to reduce cybersecurity threats.
What is a Disaster Recovery (DR) Plan?
Steps and strategies for restoring operations after an incident.
What does Impact refer to in cybersecurity risk?
Total damage incurred if a threat exploits a vulnerability.
What is the purpose of an Incident Response (IR) Plan?
Guides immediate actions during an incident—what to do and who to contact.
What is Information Risk?
Likelihood that unauthorized access or actions will compromise data confidentiality, integrity, or availability.
What is IT Risk Management?
Policies, procedures, and technologies used to reduce IT threats and vulnerabilities.
What does Likelihood indicate in cybersecurity risk?
Probability that a threat will occur.
What is considered Personally Identifiable Information (PII)?
High-risk data like name, birth date, social security number, or IP address.
What is Residual Risk?
Risk that remains after controls are applied.
What is Risk defined as in cybersecurity?
Potential for negative business outcomes; Formula: Risk = Threat × Vulnerability × Asset.
What is Risk Appetite?
Level and type of risk an organization is willing to accept.
What does Risk Assessment involve?
Process of identifying and evaluating risks to assets.
What is Risk Control?
Identifying, analyzing, prioritizing, and monitoring risks to organizational information.
What are the Risk Control Strategies?
Five approaches to handling risk: Defend, Transfer, Mitigate, Accept, Terminate.
What is involved in Risk Identification?
Identifying, classifying, and prioritizing information assets.
What defines a Threat in cybersecurity?
Any event that could harm an organization’s people or assets.
What is Two-Factor Authentication (2FA)?
Additional login security that protects against phishing, password attacks, and social engineering.
What is a Vulnerability in cybersecurity?
A weakness that could be exploited by a threat.