10 Cards in this Set


Risk Management

It is an analytical and systematic process by which an organisation identifies, reduces and controls its risk and loss.

What questions to ask before thinking of protecting an asset

1) What am I protecting?

2) Why am I protecting it?

3) How am I protecting it?

What risk management helps a security professional with

1) It helps in rational decision making about the expenditure of scarce resources and in the selection of cost-effective measures to protect valuable assets.

2) It improves the success rate of an organization's security efforts.

3) It helps security professionals answer the question: how much security is enough?

Main stages of the risk management process

1) establish the context

2) identify the risk (risk identification)

3) analyze the risk (risk analysis)

4) evaluate the risk (risk evaluation)

5) treat the risk (risk treatment)

Considering assets

Assets are the first thing to consider before carrying out a risk assessment. They can be tangible or intangible, and security professionals should never ignore the intangible assets when considering assets.

Threats

There are three types of threats:

1) intentional

2) natural

3) inadvertent

Security professionals should always consider all three categories of threats when conducting a threat and vulnerability analysis.

What is vulnerability

It is a weakness or organizational practice that may allow a threat to be implemented or increase the magnitude of a loss event

Risk analysis (what it does)

1) It introduces the severity or impact of a loss event or risk. It opens the organisation's eyes to how severe a risk would be if it were left to occur. This leads to the prioritization of risk.

2) It prioritizes risk and places it in some order of importance. This helps organisations decide which risk to address first, which they can ignore, and how much is worth spending on mitigation.

Protective measure

This measure seeks an effective way to protect against the relevant risk while considering available resources. It includes:

1) selecting - choosing the right method to address the risk

2) testing - testing the selected method, with questions like: Does the selected method operate in the selected environment? Does it work smoothly with the overall system? Is it producing the desired result in terms of risk reduction? Are employees adapting well to it?

3) implementing - this comes after the method has been tested to work correctly; the selected system is now implemented and employees are notified

4) training - this comes last; security staff and other departments should be trained on using the implemented systems

Steps in security risk management

1) consideration of the asset


2) a comprehensive view of the threat


3) looking at the vulnerabilities


4) analysing the risk


5) putting up protective measures