IS372-Chapter5

What is a risk assessment for

A risk assessment also known as a risk analysis is a process used to identify risks

What is a safeguard

A safeguard or control is used to control or reduce the risk it may reduce the impact from a threat or reduce a vulnerability 

What are the 3 critical steps that must be completed early in the risk assessment process

Identify Scope, Critical areas, and team members

What is the difference between a qualitative and quantitative risk assessment

Quantitative is objective meaning it uses hard numbers such as dollar values and requires a large amount of data, Qualitative is subjective meaning it uses values based on opinions from experts 

What is ALE

Annual loss expectancy

What is ARO

Annual rate of occurrence

What is EF 

Exposure Factor describes the percentage of loss an asset would suffer if a specific threat materializes 

Are risk assessments static processes

No they are dynamic and should be frequently revisited

A ____ risk assessment uses SLE

Quantitative

Is a qualitative or quantitative faster to complete 

Qualitative is much faster to complete 

Would qualitative or quantitative include details for a CBA

Quantitative

When completing a risk assessment what can be used to indicate the reliability of the data

Uncertainty level

_______ uses hard numbers and terms like SLE, ARO, CBA while ______ uses stuff like probability and impact

Quantitative, Qualitative 

What is the Risk level formula

Risk level = Probability x Impact

Of the 2 risk assessments which one is more precise

Quantitative

Of the two risk assessment types which one uses terms like high, low, medium

Qualitative

What is the general purpose of a qualitative assessment 

Prioritize and categorize risks 

What is the general purpose of a quantitative assessment 

Measure and calculate risk in financial terms