17 Cards in this Set


What is the overall purpose of risk analysis?

To identify the assets within the company and their value so that the threats against those assets can be identified.

What is a threat vector?

The tool or mechanism an attacker uses to exploit a weakness in a system.

What steps are in the Risk Analysis Process?

  1. Identify Assets
  2. Identify Threats for each Asset
  3. Analyze Impact

Name four types of vulnerabilities to Assets?

  1. No System Hardening
  2. No Physical Security
  3. No Security Controls on Data (confidentiality)
  4. No Administrative Controls (Policies and procedures)

Name six types of threats to Assets?

  1. Theft
  2. Hacked from inside (critical systems)
  3. Hacked from outside (public servers)
  4. Natural Disasters
  5. Hardware Failures
  6. Fraud

Name four types of tangible impacts?

  1. Loss of revenue or business opportunity
  2. Loss of money due to the cost to fix
  3. Loss of production
  4. Employee safety

Name three types of intangible impacts?

  1. Company reputation
  2. Failure to follow regulations
  3. Loss of customer confidence

Once threats have been identified, they must be prioritized based on their?

Impact and probability of occurring, so that the more serious threats are dealt with first.

Threats are prioritized by what two methods?

  1. Qualitative analysis: probability and impact are each rated on a scale you create (e.g. low, medium, or high) and the two ratings are combined to rank the threats. Quick to do, but subjective.
  2. Quantitative analysis: probability and loss are expressed as numbers (asset value in dollars, exposure factor, annual rate of occurrence), so that Risk = Probability x Loss can be calculated in money terms. More objective, but takes time to gather the figures and calculate.

After Prioritizing threats the next step is to?

Identify mitigation techniques

Once solutions to mitigate threats are implemented and the asset has been re-evaluated, the remaining threats are known as?

Residual risk, which must be brought to the attention of management so that they can decide whether to accept the risk or implement additional strategies.

A Probability Scale is based on?

A value you assign to an event that represents how likely it is to occur. Combined with the impact (loss) of the event, it gives the risk:

Risk = Probability x Loss
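The prioritization cards above (qualitative scoring on a scale you create, and Risk = Probability x Loss) describe a procedure but never show it applied. The following is an added example, not one of the cards and not from the original card set: it defines a three-level ordinal scale, scores each threat as probability x impact, bands the scores, and sorts a threat register most serious first. The band thresholds and the threat register (threat types taken from the cards, levels invented) are assumptions made for illustration.

```python
# Added example (not one of the cards): qualitative risk prioritization.
# Both scales are ordinal levels you define yourself; the threat register below is
# constructed for illustration and is not data from the original card set.

SCALE = {"low": 1, "medium": 2, "high": 3}

# Assumed banding for the product of two 1-3 levels (possible products: 1,2,3,4,6,9).
BANDS = ((6, "high"), (3, "medium"), (1, "low"))


def level(value):
    """Map a level name to its ordinal, rejecting anything outside the defined scale."""
    try:
        return SCALE[value.strip().lower()]
    except (KeyError, AttributeError):
        raise ValueError(f"unknown level {value!r}; expected one of {sorted(SCALE)}") from None


def risk_score(probability, impact):
    """Risk = Probability x Loss, on the ordinal scale."""
    return level(probability) * level(impact)


def risk_band(score):
    """Translate a numeric score back into a low/medium/high band for reporting."""
    for threshold, name in BANDS:
        if score >= threshold:
            return name
    raise ValueError(f"score {score} is below the lowest band")


def prioritize(register):
    """Score every (threat, probability, impact) entry and return them most serious first.
    Ties are broken by impact, then by name, so two threats with equal scores stay
    in a stable, reviewable order."""
    scored = []
    for name, probability, impact in register:
        score = risk_score(probability, impact)
        scored.append({
            "threat": name,
            "probability": probability,
            "impact": impact,
            "score": score,
            "band": risk_band(score),
        })
    scored.sort(key=lambda t: (-t["score"], -level(t["impact"]), t["threat"]))
    return scored


# Constructed threat register (threat types taken from the cards, levels invented).
REGISTER = [
    ("Theft of laptops", "medium", "medium"),
    ("Hacked from outside (public web server)", "high", "high"),
    ("Natural disaster (flood)", "low", "high"),
    ("Hardware failure of file server", "high", "medium"),
    ("Fraud by an insider", "low", "medium"),
]

if __name__ == "__main__":
    for row in prioritize(REGISTER):
        print(f'{row["band"]:6} {row["score"]:2}  {row["threat"]}')
```

Rejecting levels outside the defined scale matters in practice: a register that silently accepts "critical" or "n/a" produces scores nobody can compare, which defeats the purpose of ranking.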

What are the two factors involved in Quantitative analysis:

  1. Single Loss Expectancy (SLE) = Asset Value ($) x Exposure Factor (EF), where EF is the fraction of the asset's value lost in a single incident
  2. Annual Rate of Occurrence (ARO) = the expected number of times the event occurs per year (an event that happens once every 4 years has an ARO of 0.25); equivalently, ARO = ALE / SLE

The Annual Loss Expectancy (ALE) = ?

ALE = SLE x ARO, i.e. ALE = Asset Value x EF x ARO

Name five Risk Mitigation Strategies?

  1. Mitigate
  2. Accept
  3. Transfer
  4. Avoid
  5. Deter the risk

Risk management methods?

  1. Enforce technical security controls
  2. Change Management
  3. Incident Management
  4. User rights and permissions reviews
  5. Perform routine audits
  6. Enforce policies and procedures

Calculating ALE

To calculate the ALE:

  1. Find the SLE = asset value ($) x exposure factor. With the card's figures, $320 x 0.18 = $57.60 (rounded down to $57 on the card).
  2. Multiply the SLE by the ARO. An asset that fails once every 4 years has an ARO of 1/4 = 0.25, so ALE = 0.25 x $57.60 = $14.40 (about $14).
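The quantitative cards (SLE, ARO, ALE) and the residual-risk card describe the arithmetic behind the "mitigate or accept" decision but do not show it carried through. The following is an added example, not one of the cards: it implements the three formulas, reproduces the card's $320 / 18% / once-every-4-years figures, then compares the ALE before and after a proposed control to obtain the residual ALE and the control's net annual benefit. The control (its annual cost and the exposure factor it leaves behind) is a constructed assumption for illustration, not data from the card set.

```python
# Added example (not one of the cards): quantitative risk analysis with the card formulas.
# The $320 asset value, 0.18 exposure factor and once-every-4-years failure rate are the
# card's figures; the mitigating control and its cost below are constructed assumptions.


def single_loss_expectancy(asset_value, exposure_factor):
    """SLE = asset value ($) x exposure factor (fraction of value lost per incident)."""
    if not 0.0 <= exposure_factor <= 1.0:
        raise ValueError("exposure factor must be a fraction between 0 and 1")
    if asset_value < 0:
        raise ValueError("asset value must not be negative")
    return asset_value * exposure_factor


def annual_rate_of_occurrence(occurrences, years):
    """ARO = expected incidents per year, e.g. 1 failure every 4 years -> 0.25."""
    if years <= 0 or occurrences < 0:
        raise ValueError("years must be positive and occurrences non-negative")
    return occurrences / years


def annual_loss_expectancy(asset_value, exposure_factor, aro):
    """ALE = SLE x ARO."""
    return single_loss_expectancy(asset_value, exposure_factor) * aro


def evaluate_control(asset_value, exposure_factor, aro, control):
    """Compare the ALE before and after a control.

    `control` is a dict with the control's "annual_cost" and, optionally, the
    "exposure_factor" and/or "aro" that remain once it is in place (a backup
    lowers the damage per incident, a redundant unit lowers how often an outage
    is felt). Returns the residual ALE and the net annual benefit, i.e. the loss
    avoided minus the control's cost. A benefit of zero or less means the control
    costs more than the risk it removes, so accepting the residual risk (or
    finding a cheaper control) is the rational choice to put to management.
    """
    ale_before = annual_loss_expectancy(asset_value, exposure_factor, aro)
    residual = annual_loss_expectancy(
        asset_value,
        control.get("exposure_factor", exposure_factor),
        control.get("aro", aro),
    )
    net_benefit = (ale_before - residual) - control["annual_cost"]
    return {
        "ale_before": ale_before,
        "residual_ale": residual,
        "net_benefit": net_benefit,
        "recommendation": "mitigate" if net_benefit > 0 else "accept or find a cheaper control",
    }


# The card's worked figures.
CARD_ASSET_VALUE = 320.0
CARD_EXPOSURE_FACTOR = 0.18
CARD_ARO = annual_rate_of_occurrence(1, 4)  # fails once every 4 years

# Constructed control: assume a backup arrangement costing $8 per year that cuts the
# value lost per incident from 18% to 6% of the asset (hypothetical numbers).
EXAMPLE_CONTROL = {"annual_cost": 8.0, "exposure_factor": 0.06}

if __name__ == "__main__":
    sle = single_loss_expectancy(CARD_ASSET_VALUE, CARD_EXPOSURE_FACTOR)
    ale = annual_loss_expectancy(CARD_ASSET_VALUE, CARD_EXPOSURE_FACTOR, CARD_ARO)
    print(f"SLE = ${sle:.2f}, ARO = {CARD_ARO}, ALE = ${ale:.2f}")
    for key, value in evaluate_control(CARD_ASSET_VALUE, CARD_EXPOSURE_FACTOR, CARD_ARO, EXAMPLE_CONTROL).items():
        print(f"{key}: {value}")
```

Keeping the unrounded values (SLE $57.60, ALE $14.40 rather than the card's $57 and $14) matters when the numbers are scaled up to real asset values: rounding at each step compounds, and the mitigate-versus-accept decision can turn on a small margin, as the constructed control's $1.60 net benefit shows.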