Bash, the Crucial Exams Chat Bot
AI Bot
ISC2 CISSP - Risk Management and Calculations Flashcards
What is residual risk?
What is a safeguard?
Risk remaining after controls are applied
The total worth of an asset, including tangible and intangible value
What is the formula for Residual Risk?
What is asset value (AV)?
A potential cause of an unwanted incident
What is Exposure Factor (EF)?
Residual Risk = Inherent Risk – Control Effectiveness
The percentage of asset value lost in an incident
What is a threat?
A control or countermeasure that reduces risk
| Front | Back |
| What does ALE stand for? | Annualized Loss Expectancy |
| What does ARO stand for? | Annualized Rate of Occurrence |
| What does AV stand for? | Asset Value |
| What does SLE stand for? | Single Loss Expectancy |
| What is a risk appetite? | The amount of risk an organization is willing to accept |
| What is a safeguard? | A control or countermeasure that reduces risk |
| What is a threat? | A potential cause of an unwanted incident |
| What is a vulnerability? | A weakness in a system that can be exploited by a threat |
| What is asset value (AV)? | The total worth of an asset, including tangible and intangible value |
| What is Exposure Factor (EF)? | The percentage of asset value lost in an incident |
| What is inherent risk? | The level of risk before any controls or mitigation are applied |
| What is qualitative risk analysis? | A subjective assessment of risk based on experience and judgment |
| What is quantitative risk analysis? | A numerical assessment of risk based on formulas and data |
| What is residual risk? | Risk remaining after controls are applied |
| What is risk acceptance? | Acknowledging and choosing to retain a risk without taking action |
| What is risk avoidance? | Eliminating a risk entirely by not engaging in the activity |
| What is risk mitigation? | Reducing the impact or likelihood of a risk |
| What is risk transference? | Another term for transferring risk to a third party |
| What is risk? | The potential for loss or damage when a threat exploits a vulnerability |
| What is the difference between a threat and a vulnerability? | A threat is a potential danger; a vulnerability is a weakness that can be exploited |
| What is the formula for Annualized Loss Expectancy (ALE)? | ALE = SLE × ARO |
| What is the formula for Exposure Factor? | EF = Loss Amount ÷ Asset Value |
| What is the formula for Residual Risk? | Residual Risk = Inherent Risk – Control Effectiveness |
| What is the formula for Single Loss Expectancy (SLE)? | SLE = Asset Value × Exposure Factor |
| What is transfer of risk? | Shifting risk to a third party, such as through insurance |
Front
What is risk mitigation?
Click the card to flip
Back
Reducing the impact or likelihood of a risk
Front
What is a safeguard?
Back
A control or countermeasure that reduces risk
Front
What is residual risk?
Back
Risk remaining after controls are applied
Front
What is quantitative risk analysis?
Back
A numerical assessment of risk based on formulas and data
Front
What is a risk appetite?
Back
The amount of risk an organization is willing to accept
Front
What is risk transference?
Back
Another term for transferring risk to a third party
Front
What is risk acceptance?
Back
Acknowledging and choosing to retain a risk without taking action
Front
What is inherent risk?
Back
The level of risk before any controls or mitigation are applied
Front
What is a vulnerability?
Back
A weakness in a system that can be exploited by a threat
Front
What is Exposure Factor (EF)?
Back
The percentage of asset value lost in an incident
Front
What does ARO stand for?
Back
Annualized Rate of Occurrence
Front
What is risk?
Back
The potential for loss or damage when a threat exploits a vulnerability
Front
What is asset value (AV)?
Back
The total worth of an asset, including tangible and intangible value
Front
What does SLE stand for?
Back
Single Loss Expectancy
Front
What is the formula for Exposure Factor?
Back
EF = Loss Amount ÷ Asset Value
Front
What is the formula for Residual Risk?
Back
Residual Risk = Inherent Risk – Control Effectiveness
Front
What is qualitative risk analysis?
Back
A subjective assessment of risk based on experience and judgment
Front
What is the formula for Annualized Loss Expectancy (ALE)?
Back
ALE = SLE × ARO
Front
What is the formula for Single Loss Expectancy (SLE)?
Back
SLE = Asset Value × Exposure Factor
Front
What is a threat?
Back
A potential cause of an unwanted incident
Front
What does AV stand for?
Back
Asset Value
Front
What is the difference between a threat and a vulnerability?
Back
A threat is a potential danger; a vulnerability is a weakness that can be exploited
Front
What does ALE stand for?
Back
Annualized Loss Expectancy
Front
What is transfer of risk?
Back
Shifting risk to a third party, such as through insurance
Front
What is risk avoidance?
Back
Eliminating a risk entirely by not engaging in the activity
1/25
Help you memorize key formulas, definitions, and concepts used in risk management, which are frequently tested and often math-based.