Lecture 2: Cybersecurity Information and Risk

Flashcards covering key concepts and definitions related to cybersecurity and risk management discussed in Lecture 2.

Risk Management

The process of understanding and responding to factors that may lead to a failure in the confidentiality, integrity or availability of an information system.

CIA Triad

A model designed to guide policies for information security; it consists of three key components: Confidentiality, Integrity, and Availability.

Qualitative Risk Analysis

A method of analyzing risk based on subjective data and perceptions, often using scenarios to gauge the likelihood and impact of risks.

Quantitative Risk Analysis

A method of analyzing risk using numerical data to estimate financial impacts, often expressed in monetary terms.

Risk Treatment Options

Strategies for managing risk, including Mitigation, Acceptance, Avoidance, and Transfer.

Risk Assessment Process

A systematic process consisting of Risk Identification, Risk Analysis, and Risk Evaluation.

Residual Risk

The level of risk remaining after risk treatment has been applied.

Key Elements of Risk

Components that include Stakeholders, Assets, Vulnerabilities, Threat Agents, and Threats that contribute to the overall risk environment.

Effective Risk Communication

The process of communicating risk-related information to stakeholders to ensure informed decision-making.

CVE – Common Vulnerabilities and Exposures

A reference method for publicly known information-security vulnerabilities and exposures.