A set of vocabulary flashcards summarizing key terms and concepts related to Risk Management, Business Continuity, and Disaster Recovery.
Risk Management
The process of identifying, assessing, and prioritizing risks followed by coordinated efforts to minimize, control, and monitor the probability and impact of unfortunate events.
Threat
Any potential event that would impact an organization's resources.
Vulnerability
Any exposure that could allow a threat to be realized.
Risk Assessment
An activity to identify and categorize individual risks that may impact the organization.
Impact
The amount of harm that the actualization of a threat will cause to an organization.
Incident
Any event that violates or threatens to violate an organization’s security policy.
Countermeasure
A control designed to counter or address a specific threat.
Business Continuity Plan (BCP)
A plan that outlines how a business will handle disruptions to ensure continued operation.
Disaster Recovery Plan (DRP)
A documented process to recover and protect a business's IT infrastructure in the event of a disaster.
Critical Business Function (CBF)
A business function that is essential to the operation and survival of the organization.
Maximum Tolerable Downtime (MTD)
The longest time that an organization can endure a disruption before suffering irreparable harm.
Recovery Time Objective (RTO)
The target time set for the recovery of IT and business activities after a disruption.
Recovery Point Objective (RPO)
The maximum acceptable amount of data loss measured in time.
Emergency Operations Center (EOC)
A location from which the organization can coordinate and direct its response to emergencies.
Risk Register
A tool used to document identified risks, including risk levels, priorities, and mitigation strategies.
Business Impact Analysis (BIA)
The process of determining the potential impacts of a disruption to critical business functions.
Incident Handling Process
A series of steps to respond to, manage, and recover from a security incident.
Backup Types
The kinds of backup used for data recovery, including full, differential, and incremental backups.
Quantitative Risk Assessment
A method of assessing risk in numerical terms to calculate the financial impact of potential risks.
Qualitative Risk Assessment
A method that assesses risks based on subjective judgment or non-numeric factors.
Risk Mitigation
Strategies aimed at reducing the potential impact or likelihood of a risk.
Risk Acceptance
The decision to accept the potential risk without taking any specific measures to mitigate it.
Risk Transference
Shifting the impact of a risk to a third party, often through insurance.
Emergency Contact
The person or team responsible for communication during a crisis.
Regulatory Compliance
Ensuring that an organization adheres to laws, regulations, guidelines, and specifications relevant to its business.