17 Cards in this Set

  • Front
  • Back

Quantitative risk Analysis formulas

ALE=SLE*ARO


ARO=ALE/SLE


SLE=ALE/ARO

SLE

Single loss expectancy

ARO

Annual rate of occurrence

ALE

Annual loss expectancy

Threat assessment

Helps organize, identify, and categorize threats

Human Threats

Malicious humans, script kiddies, hacktivists, advanced persistent threats (APT), organized crime, insiders

Accidental human threats

Accidental deletion or corruption of data. Unintentional system outages caused by an admin

Environmental threats

Long-term power outages, floods, landslides, electrical storms, hurricanes, tornadoes, earthquakes

Environmental Threat assessment

Evaluates the likelihood of an environmental threat occurring

Man made threat assessment

Evaluates threats from humans. Includes malicious and accidental threats from humans

Internal threat assessment

Evaluates threats from inside the organization from malicious employees and from accidents and faulty HW

Vulnerabilities

Flaw or weakness in the SW or HW, or weakness in a process that a threat could exploit

Examples of vulnerabilities

Lack of updates


Default configs


Lack of malware updates


Lack of updated definitions


Lack of firewall


Lack of organizational policies

Risk management

Identifying, monitoring, and limiting risks to a manageable level. Identifies methods to limit or mitigate the risks

Risk response techniques AKA risk management methods

Avoid - avoid the risk by not providing a Service or participating in risky behaviour


Transfer - transfer risk to another company: buy insurance, outsource, contracting a third party


Mitigate - implement controls to reduce risk, e.g. antivirus, security guard


Accept - cost of a control outweighs the risk

Risk assessment

Quantifies (quantitative risk assessment) or qualifies (qualitative risk assessment) risks based on value or judgements, respectively

What is the first step in a risk assessment

Identify assets and asset values