Risk Analysis
Risk Assessment
process of evaluating discovered risks to understand their potential impact and likelihood
Risk Identification
The process of determining potential risks that could negatively impact a project's success. This includes identifying sources of risk and assessing their potential effects.
Ad Hoc assessment
risk assessment method based on need, typically conducted in response to specific events or changes, such as after a major organizational change or a security breach
One-time assessment
a risk assessment conducted for a specific purpose or project, without plans for regular reassessment
Real-time assessment
a continuous risk assessment method that monitors and evaluates risk factors as they occur, allowing for immediate response to changes.
Qualitative assessment
Assessment of risk probability and its impact based on subjective judgment
Single Loss Expectancy (SLE)
the predicted loss of value to an asset based on a single security incident that includes the asset's value and the potential loss per incident.
Annual Loss Expectancy (ALE)
a risk assessment formula defining probable financial loss due to a risk over a one-year period - ALE = ARO x SLE
ARO (Annual Rate of Occurrence)
An estimate based on the historical data of how often a threat would be successful in exploiting a vulnerability. In quantitative risk assessment, this term is used for estimating the likelihood of occurrence of a future threat
Exposure Factor (EF)
the percentage of loss that a realized threat would have on an asset.
Risk Register
a comprehensive document used in risk management and project management to identify, assess, and track risks
Risk Tolerance
the specific level of risk an organization is prepared to accept in pursuit of its objectives
Risk Appetite
a general term that describes an organization’s overall attitude towards risk-taking, such as disabling certain system functions or shutting down the system when risks are identified
Risk transference
a risk management strategy where the responsibility for the risk is shifted to a third party, such as through insurance or contracts
Risk avoidance
a strategy to eliminate or reduce the likelihood of an adverse event occurring by avoiding the risk altogether.
Risk Exemption
choosing not to apply certain controls or safeguards for a specific risk
Risk Exception
the practice of temporarily not complying with a standard or policy due to a specific risk scenario
Risk Mitigation
the process of taking proactive measures to reduce the impact of identified risks
Recovery Time Objective (RTO)
the maximum acceptable amount of time that a system can be down after a failure before it starts to impact the business negatively
Recovery Point Objective (RPO)
maximum acceptable amount of data loss measured by a specific point in time before a disaster or outage
Mean Time To Recovery (MTTR)
the average time taken to restore a system or service after a failure occurs.
Mean Time Between Failure (MTBF)
the average time elapsed between failures of a system during operation.
Mean Time To Failure (MTTF)
A metric that represents the average amount of time a device or system is expected to operate before experiencing its first failure