Risk assessment methodology inputs
Asset identification, threat assessment and vulnerability assessment
Information used to estimate impact and likelihood usually comes from
Past experience or data and records,
If risk is not properly analyzed
The implementation of security is left to guesswork.
Can be oriented toward one of the inputs, making the risk
Important assets are defined first, and then potential threats to those assets are analyzed.
Potential threats are determined first, and then threat scenarios are developed. Based on the scenarios,
Some organizations will perform these from more than one orientation to compensate for the
Once risk is identified and prioritized
Existing controls should be analyzed to determine their effectiveness in
A very important criterion in control selection and evaluation
Is that the cost of the control (including its
Takes considerable planning and knowledge of specific risk assessment methodologies
Choosing the exact method
For the risk assessment to be successful
The risk assessment process should fit the goals of the
Must be clearly defined and understood by everyone involved in the risk assessment process
When performing a risk assessment
It is important to understand the organization's unique risk appetite and
Can have a significant impact on risk management.
Cultural aspects like financial institutions or small
Is not a one-off process.