Terms in this set (11)

What is risk management?
Risk management is the identification, assessment, and management of risks to an organization's operations, determining how those risks can be controlled or mitigated, and deciding who is responsible for implementation.

List and describe the key areas of concern for risk management.
• Risk identification: the early and continuous identification of incidents before they occur or have negative impacts on an organization's ability to operate.
• Risk assessment: document and evaluate cost, prioritize from low to high risk, and implement in order of importance.
• Risk control: the method by which firms evaluate potential losses and take action to reduce or eliminate such threats.

Why is identification of risks, through a listing of assets and their vulnerabilities, so important to the risk management process?
It is important so management can know the value of the company's assets and what losses will be incurred if they are compromised.

According to Sun Tzu, what two things must be achieved to successfully secure information assets?
To reduce risk in an organization, the organization must know itself and know its enemy.

Who is responsible for risk management in an organization?
Risk management is the responsibility of senior managers within each department.

Which community of interest usually provides the resources used when undertaking information asset risk management?
The community that usually takes the lead in information asset risk management is management. Management must begin the identification process for threats/risks to the company.

In risk management strategies, why must periodic review be a part of the process?
In risk management strategies, periodic review must be a part of the process because threats are constantly changing for a company.

Why do networking components need more examination from an information security perspective than from a systems development perspective?
Networking components need more examination from an information security perspective than from a systems development perspective because networks are often the main point of attack and should be treated as a critical risk, whilst the systems development needs to be considered separately.

How many threat categories are listed in this chapter? Which do you think is the most common, and why?
There are twelve threat categories listed in this chapter. The most common is human error because this is the hardest to control.

What are vulnerabilities?
Vulnerabilities are opportunities for a threat to become a real issue or problem and can be caused by software, hardware or human behavior.

11. Describe the TVA worksheet. What is it used for?
The TVA worksheet (threats, vulnerabilities, assets) is used as a risk assessment tool that lists assets and their vulnerabilities into low and high priority within a company. This is then used to decide

Why is risk identification important in information security?
Risk identification is the first step in the risk assessment process and focuses on identifying the source of risk and potential events that could impact an organization's objectives. Risk identification also provides insight into the interaction between risk and threat.

Why is risk identification important to a company?
Risk identification enables businesses to develop plans to minimize harmful events before they arise. The objective of this step is to identify all possible risks that could harm company operations, such as lawsuits, theft, technology breaches, business downturns, or even a Category 5 hurricane.

Which is more important to the components of the system classification scheme: that the asset identification list be comprehensive or mutually exclusive?
It is more important that the list be comprehensive than mutually exclusive. It would be far better to have a component assessed in an incorrect category rather than to have it go completely unrecognized during a risk assessment.

How can identification of risk help organizational decision making?
Risk Analysis is a proven way of identifying and assessing factors that could negatively affect the success of a business or project. It allows you to examine the risks that you or your organization face, and helps you decide whether or not to move forward with a decision.