The process of determining potential risks that could affect an organization's ability to achieve its objectives is called:
Risk identification
The process of evaluating discovered risks to understand their potential impact and likelihood is referred to as:
Risk assessment
Which of the following answers refers to a risk assessment method based on need, typically conducted in response to specific events or changes, such as after a major organizational change or a security breach?
Ad hoc
Which of the answers listed below refers to an example of recurring risk assessment?
Quarterly or annual risk assessments
Which of the following answers refers to a risk assessment conducted for a specific purpose or project, without plans for regular reassessment (e.g., risk assessment for a new product launch)?
One-time
Which of the answers listed below refers to an example of continuous risk assessment?
Real-time monitoring of network security threats
Assessment of risk probability and its impact based on subjective judgment falls into the category of:
Qualitative risk assessment
A calculation of SLE is an example of:
Quantitative risk assessment
Which of the following terms is used to describe the predicted loss of value to an asset based on a single security incident?
Single Loss Expectancy (SLE)
Which of the acronyms listed below refers to a risk assessment formula defining probable financial loss due to a risk over a one-year period?
ALE
Which of the following answers refers to the correct formula for calculating probable financial loss due to a risk over a one-year period?
ALE = ARO * SLE
In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future threat.
Annualized Rate of Occurrence (ARO)
An estimate based on the historical data of how often a threat would be successful in exploiting a vulnerability is known as:
ARO
In the context of risk assessment, the Exposure Factor (EF) is defined as the percentage of loss that a realized threat would have on an asset. If an organization has an asset valued at $10,000 and the EF is determined to be 20%, what would be the SLE?
$2,000
Which of the answers listed below refers to a comprehensive document used in risk management and project management to identify, assess, and track risks?
Risk register
Which of the following terms is used to describe the specific level of risk an organization is prepared to accept in pursuit of its objectives?
Risk tolerance
Which of the terms listed below refers to a general term that describes an organization’s overall attitude towards risk-taking?
Risk appetite
Contracting out a specialized technical component when the company's employees lack the necessary skills is an example of:
Risk transference
Cybersecurity insurance is an example of which risk management strategy?
Risk transference
In the context of risk acceptance, choosing not to apply certain controls or safeguards for a specific risk is called:
Exemption
In the risk acceptance strategy, the practice of temporarily not complying with a standard or policy due to a specific risk scenario is referred to as:
Exception
Disabling certain system functions or shutting down the system when risks are identified is an example of:
Risk avoidance
Which of the following terms describes the process of taking proactive measures to reduce the impact of identified risks?
Risk mitigation
Which of the acronyms listed below refers to a maximum allowable time to restore critical business functions after a disruption?
RTO
Which of the following defines the maximum acceptable amount of data loss measured by a specific point in time before a disaster or outage?
RPO
Which of the terms listed below is used to describe the average time required to repair a failed component or device?
MTTR
A high MTBF value indicates that a component or system provides low reliability and is more likely to fail.
False
A metric that represents the average amount of time a device or system is expected to operate before experiencing its first failure is known as:
MTTF