ISC2 CISSP - Risk Management and Calculations Flashcards
ISC2 CISSP Flashcards

| Front | Back |
| --- | --- |
| What does ALE stand for? | Annualized Loss Expectancy |
| What does ARO stand for? | Annualized Rate of Occurrence |
| What does AV stand for? | Asset Value |
| What does SLE stand for? | Single Loss Expectancy |
| What is a risk appetite? | The amount of risk an organization is willing to accept |
| What is a safeguard? | A control or countermeasure that reduces risk |
| What is a threat? | A potential cause of an unwanted incident |
| What is a vulnerability? | A weakness in a system that can be exploited by a threat |
| What is asset value (AV)? | The total worth of an asset, including tangible and intangible value |
| What is Exposure Factor (EF)? | The percentage of asset value lost in an incident |
| What is inherent risk? | The level of risk before any controls or mitigation are applied |
| What is qualitative risk analysis? | A subjective assessment of risk based on experience and judgment |
| What is quantitative risk analysis? | A numerical assessment of risk based on formulas and data |
| What is residual risk? | Risk remaining after controls are applied |
| What is risk acceptance? | Acknowledging and choosing to retain a risk without taking action |
| What is risk avoidance? | Eliminating a risk entirely by not engaging in the activity |
| What is risk mitigation? | Reducing the impact or likelihood of a risk |
| What is risk transference? | Another term for transferring risk to a third party |
| What is risk? | The potential for loss or damage when a threat exploits a vulnerability |
| What is the difference between a threat and a vulnerability? | A threat is a potential danger; a vulnerability is a weakness that can be exploited |
| What is the formula for Annualized Loss Expectancy (ALE)? | ALE = SLE × ARO |
| What is the formula for Exposure Factor? | EF = Loss Amount ÷ Asset Value |
| What is the formula for Residual Risk? | Residual Risk = Inherent Risk – Control Effectiveness |
| What is the formula for Single Loss Expectancy (SLE)? | SLE = Asset Value × Exposure Factor |
| What is transfer of risk? | Shifting risk to a third party, such as through insurance |

About the Flashcards
Flashcards for the ISC2 CISSP exam help you master core risk management terminology and calculations with concise definition-and-formula cards. The deck emphasizes quantitative measures such as ALE, SLE, ARO and Exposure Factor, plus asset value (AV) concepts and the mathematical relationships used to estimate expected loss and exposure.
Use these cards to review distinctions between threats, vulnerabilities, inherent and residual risk, and to practice common risk responses like transfer, avoidance, mitigation, and acceptance. Also included are items on qualitative versus quantitative risk analysis, safeguards, and risk appetite to reinforce the vocabulary and concepts typically tested on the exam.
Topics covered in this flashcard deck:
- ALE, SLE, ARO formulas
- Exposure Factor (EF), Asset Value (AV)
- Threats, vulnerabilities, safeguards
- Residual and inherent risk
- Risk transfer, mitigation, acceptance
- Qualitative vs quantitative analysis