Level 20 Level 22
Level 21

286 - 300

15 words 0 ignored

Ready to learn       Ready to review

Ignore words

Check the boxes below to ignore/unignore words, then click save at the bottom. Ignored words will never appear in any learning session.

All None

No organization is static
Technology, business, regulatory and statutory requirements, people,
successful risk assessment
Is an ongoing process to identify new risk and changes to the characteristics of
Risk Reduction
The implementation of controls or countermeasures to reduce the likelihood or impact of a risk to
Risk Avoidance
Risk can be avoided by not participating in an activity or business.
Risk Transfer or Sharing
Risk can be transferred to a third party (e.g., insurance) or shared with a third
Risk Acceptance
If the risk is within the organization's risk tolerance or if the cost of otherwise mitigating the
Risk response strategy
Depends on many different things such as regulatory requirements, culture, mission,
risk assessments results
Need to be evaluated in terms of the organization's mission, risk tolerance,
Based on the risk assessment results
A mitigation strategy can be chosen for each risk and appropriate controls
Risk assessment results
Can also be used to communicate the risk decisions and expectations of management
Are continuously being discovered and organizations must be constantly vigilant in identifying
identify and assess vulnerabilities
To determine the threat and potential impact and to determine the best
Vulnerabilities can be identified by
Information provided by software vendors (e.g., through the release of
two most common vulnerability techniques
Scanning and penetration testing
Vulnerability management
Starts by understanding the cybersecurity assets and where they reside—both