Risk Management Fundamentals Flashcards
ISC2 Certified in Cybersecurity (CC) Flashcards
| Front | Back |
|---|---|
| Define quantitative risk assessment | A method that uses numerical values to assess likelihood and impact |
| Define risk assessment | The process of analyzing potential risks by determining their likelihood and impact |
| How does insurance assist in risk management | By transferring financial consequences of certain risks to an insurer |
| What are the main components of a risk assessment | Identifying assets, threats, vulnerabilities, likelihood, impact |
| What does 'defense in depth' mean in cybersecurity risk management | A layered approach to security to mitigate risks at multiple levels |
| What does risk mitigation involve | Implementing strategies to reduce the likelihood or impact of identified risks |
| What does the term 'impact assessment' mean | Evaluating the consequences of a risk event occurring |
| What does the term "risk appetite" mean | The level of risk an organization is willing to accept |
| What is a common tool for visualizing risks | A risk matrix or heat map |
| What is a key principle of risk communication | Ensuring all stakeholders understand the risks and management strategies |
| What is a threat actor | An individual, group, or entity that poses a threat to an organization |
| What is a vulnerability in the context of risk management | A weakness that can be exploited by a threat |
| What is an example of a risk mitigation strategy | Installing firewalls to prevent unauthorized access |
| What is meant by 'risk avoidance' | An approach where risks are eliminated by avoiding activities that create them |
| What is meant by 'risk transfer' | Shifting the consequences of a risk to a third party, such as through insurance |
| What is residual risk | The level of risk that remains after mitigation strategies are applied |
| What is risk management | The process of identifying, assessing, and responding to risks to minimize their impact on objectives |
| What is the difference between a threat and a risk | A threat is a potential danger, while a risk is the likelihood and impact of that danger occurring |
| What is the difference between proactive and reactive risk management | Proactive involves anticipating and addressing risks before they occur; reactive involves responding to risks after they occur |
| What is the first step in risk management | Risk identification |
| What is the goal of risk prioritization | To determine which risks to address first based on severity and likelihood |
| What is the NIST Risk Management Framework | A structured approach to managing cybersecurity risks developed by the National Institute of Standards and Technology |
| What is the purpose of a control measure in cybersecurity | To reduce the likelihood or impact of a risk |
| What is the purpose of a risk register | A tool to document and monitor risks and their management plans |
| What is the role of a qualitative risk assessment | To evaluate risks based on non-numeric criteria such as judgement or experience |
| What is the role of incident response in risk management | To manage and limit damage after a cybersecurity event occurs |
| What is the significance of compliance in risk management | Adherence to regulations and standards reduces risks associated with legal and financial penalties |
| When is risk acceptance used | When the cost of mitigation exceeds the value or likelihood of the risk |
| Why is continuous monitoring important in risk management | To ensure new risks are identified and managed promptly |
| Why is risk management essential in cybersecurity | To protect systems, data, and processes from vulnerabilities and threats |
This deck explores core concepts of risk assessment, mitigation strategies, and the importance of risk management in cybersecurity decision-making.