17 Cards in this Set
- Front
- Back
Quantitative risk analysis formulas |
ALE = SLE × ARO; ARO = ALE / SLE; SLE = ALE / ARO |
|
SLE |
Single loss expectancy |
|
ARO |
Annual rate of occurrence |
|
ALE |
Annual loss expectancy |
|
Threat assessment |
Helps organize, identify, and categorize threats |
|
Human Threats |
Malicious humans, script kiddies, hacktivists, advanced persistent threats (APT), organized crime, insiders |
|
Accidental human threats |
Accidental deletion or corruption of data. Unintentional system outages caused by an admin |
|
Environmental threats |
Long-term power outages, floods, landslides, electrical storms, hurricanes, tornadoes, earthquakes |
|
Environmental Threat assessment |
Evaluates the likelihood of an environmental threat occurring |
|
Man made threat assessment |
Evaluates threats from humans. Includes malicious and accidental threats from humans |
|
Internal threat assessment |
Evaluates threats from inside the organization from malicious employees and from accidents and faulty HW |
|
Vulnerabilities |
Flaw or weakness in the SW or HW, or weakness in a process, that a threat could exploit |
|
Examples of vulnerabilities |
Lack of updates; default configs; lack of malware updates; lack of updated definitions; lack of firewall; lack of organizational policies |
|
Risk management |
Identifying, monitoring, and limiting risks to a manageable level. Identifies methods to limit or mitigate the risks |
|
Risk response techniques, AKA risk management methods |
Avoid: avoid the risk by not providing a service or participating in risky behaviour. Transfer: transfer risk to another company (buy insurance, outsource, contract a third party). Mitigate: implement controls to reduce risk (antivirus, security guard). Accept: cost of a control outweighs the risk |
|
Risk assessment |
Quantifies (quantitative risk assessment) or qualifies (qualitative risk assessment) risks based on value or judgement, respectively |
|
What is the first step in a risk assessment? |
Identify assets and asset values |