Risk Management Fundamentals Flashcards
ISC2 Certified in Cybersecurity (CC) Flashcards
| Front | Back |
|---|---|
| Define quantitative risk assessment | A method that uses numerical values to assess likelihood and impact |
| Define risk assessment | The process of analyzing potential risks by determining their likelihood and impact |
| How does insurance assist in risk management | By transferring financial consequences of certain risks to an insurer |
| What are the main components of a risk assessment | Identifying assets, threats, vulnerabilities, likelihood, impact |
| What does 'defense in depth' mean in cybersecurity risk management | A layered approach to security to mitigate risks at multiple levels |
| What does risk mitigation involve | Implementing strategies to reduce the likelihood or impact of identified risks |
| What does the term 'impact assessment' mean | Evaluating the consequences of a risk event occurring |
| What does the term "risk appetite" mean | The level of risk an organization is willing to accept |
| What is a common tool for visualizing risks | A risk matrix or heat map |
| What is a key principle of risk communication | Ensuring all stakeholders understand the risks and management strategies |
| What is a threat actor | An individual, group, or entity that poses a threat to an organization |
| What is a vulnerability in the context of risk management | A weakness that can be exploited by a threat |
| What is an example of a risk mitigation strategy | Installing firewalls to prevent unauthorized access |
| What is meant by 'risk avoidance' | An approach where risks are eliminated by avoiding activities that create them |
| What is meant by 'risk transfer' | Shifting the consequences of a risk to a third party, such as through insurance |
| What is residual risk | The level of risk that remains after mitigation strategies are applied |
| What is risk management | The process of identifying, assessing, and responding to risks to minimize their impact on objectives |
| What is the difference between a threat and a risk | A threat is a potential danger, while a risk is the likelihood and impact of that danger occurring |
| What is the difference between proactive and reactive risk management | Proactive involves anticipating and addressing risks before they occur; reactive involves responding to risks after they occur |
| What is the first step in risk management | Risk identification |
| What is the goal of risk prioritization | To determine which risks to address first based on severity and likelihood |
| What is the NIST Risk Management Framework | A structured approach to managing cybersecurity risks developed by the National Institute of Standards and Technology |
| What is the purpose of a control measure in cybersecurity | To reduce the likelihood or impact of a risk |
| What is the purpose of a risk register | A tool to document and monitor risks and their management plans |
| What is the role of a qualitative risk assessment | To evaluate risks based on non-numeric criteria such as judgement or experience |
| What is the role of incident response in risk management | To manage and limit damage after a cybersecurity event occurs |
| What is the significance of compliance in risk management | Adherence to regulations and standards reduces risks associated with legal and financial penalties |
| When is risk acceptance used | When the cost of mitigation exceeds the value or likelihood of the risk |
| Why is continuous monitoring important in risk management | To ensure new risks are identified and managed promptly |
| Why is risk management essential in cybersecurity | To protect systems, data, and processes from vulnerabilities and threats |
This deck explores core concepts of risk assessment, mitigation strategies, and the importance of risk management in cybersecurity decision-making.