Risk Management Fundamentals Flashcards
ISC2 Certified in Cybersecurity (CC) Flashcards

| Front | Back |
| --- | --- |
| Define quantitative risk assessment | A method that uses numerical values to assess likelihood and impact |
| Define risk assessment | The process of analyzing potential risks by determining their likelihood and impact |
| How does insurance assist in risk management | By transferring financial consequences of certain risks to an insurer |
| What are the main components of a risk assessment | Identifying assets, threats, vulnerabilities, likelihood, impact |
| What does 'defense in depth' mean in cybersecurity risk management | A layered approach to security to mitigate risks at multiple levels |
| What does risk mitigation involve | Implementing strategies to reduce the likelihood or impact of identified risks |
| What does the term 'impact assessment' mean | Evaluating the consequences of a risk event occurring |
| What does the term "risk appetite" mean | The level of risk an organization is willing to accept |
| What is a common tool for visualizing risks | A risk matrix or heat map |
| What is a key principle of risk communication | Ensuring all stakeholders understand the risks and management strategies |
| What is a threat actor | An individual, group, or entity that poses a threat to an organization |
| What is a vulnerability in the context of risk management | A weakness that can be exploited by a threat |
| What is an example of a risk mitigation strategy | Installing firewalls to prevent unauthorized access |
| What is meant by 'risk avoidance' | An approach where risks are eliminated by avoiding activities that create them |
| What is meant by 'risk transfer' | Shifting the consequences of a risk to a third party, such as through insurance |
| What is residual risk | The level of risk that remains after mitigation strategies are applied |
| What is risk management | The process of identifying, assessing, and responding to risks to minimize their impact on objectives |
| What is the difference between a threat and a risk | A threat is a potential danger, while a risk is the likelihood and impact of that danger occurring |
| What is the difference between proactive and reactive risk management | Proactive involves anticipating and addressing risks before they occur; reactive involves responding to risks after they occur |
| What is the first step in risk management | Risk identification |
| What is the goal of risk prioritization | To determine which risks to address first based on severity and likelihood |
| What is the NIST Risk Management Framework | A structured approach to managing cybersecurity risks developed by the National Institute of Standards and Technology |
| What is the purpose of a control measure in cybersecurity | To reduce the likelihood or impact of a risk |
| What is the purpose of a risk register | A tool to document and monitor risks and their management plans |
| What is the role of a qualitative risk assessment | To evaluate risks based on non-numeric criteria such as judgement or experience |
| What is the role of incident response in risk management | To manage and limit damage after a cybersecurity event occurs |
| What is the significance of compliance in risk management | Adherence to regulations and standards reduces risks associated with legal and financial penalties |
| When is risk acceptance used | When the cost of mitigation exceeds the value or likelihood of the risk |
| Why is continuous monitoring important in risk management | To ensure new risks are identified and managed promptly |
| Why is risk management essential in cybersecurity | To protect systems, data, and processes from vulnerabilities and threats |
About the Flashcards
Flashcards for the ISC2 Certified in Cybersecurity (CC) exam help students review core risk management terminology and concepts used in cybersecurity. Cards cover processes such as risk identification, risk assessment (qualitative and quantitative), prioritization, and mitigation, plus definitions of threats, vulnerabilities, residual risk, and common control measures.
The deck reinforces tools and practices tested on the exam, including risk registers, risk matrices and heat maps, the NIST Risk Management Framework, incident response, compliance, and approaches like risk avoidance, transfer (insurance), and acceptance. It also emphasizes continuous monitoring, impact assessment, defense in depth, and effective risk communication for stakeholders.
Topics covered in this flashcard deck:
- Risk management process
- Risk assessment methods
- Threats and vulnerabilities
- Mitigation strategies and controls
- Risk registers and monitoring
- NIST Risk Management Framework