Level 19 Level 21
Level 20

271 - 285

15 words 0 ignored

Ready to learn       Ready to review

Ignore words

Check the boxes below to ignore/unignore words, then click save at the bottom. Ignored words will never appear in any learning session.

All None

risk assessment methodology inputs
Asset identification, threat assessment and vulnerability assessment
Information used to estimate impact and likelihood usually comes from
Past experience or data and records,
If risk is not properly analyzed
The implementation of security is left to guesswork.
risk analyses
Can be oriented toward one of the inputs, making the risk
Important assets are defined first, and then potential threats to those assets are analyzed.
Potential threats are determined first, and then threat scenarios are developed. Based on the scenarios,
risk assessments
Some organizations will perform these from more than one orientation to compensate for the
Once risk is identified and prioritized
Existing controls should be analyzed to determine their effectiveness in
A very important criterion in control selection and evaluation
Is that the cost of the control (including its
Takes considerable planning and knowledge of specific risk assessment methodologies
Choosing the exact method
For the risk assessment to be successful
The risk assessment process should fit the goals of the
Assessment scope
Must be clearly defined and understood by everyone involved in the risk assessment process
When performing a risk assessment
It is important to understand the organization's unique risk appetite and
Can have a significant impact on risk management.
Cultural aspects like financial institutions or small
risk assessment
Is not a one-off process.