Quiz 5 - IT Risk Management

Questions and Answers

What is the process which identifies suitable controls to mitigate each risk to some acceptable level?

  • Risk Analysis
  • Risk Treatment (correct)
  • Risk Management
  • Risk Assessment

What formal approach is followed in Risk Analysis?

  • Partial
  • Total
  • Bottom-up (correct)
  • Top-down

What is the overall process of risk analysis and risk evaluation?

  • Risk Analysis
  • Risk Treatment
  • Risk Assessment (correct)
  • Residual Risk

What is the remaining risk after controls have been implemented?

Residual Risk (D)

Choose the missing word: On the Tactical Management Level, executive management uses ____ Analysis to identify possible risks.

Event/Impact (A)

Choose the missing word: Besides the Magnitude of gains and losses, another factor associated with Risk is ____.

Probability/Frequency (A)

Choose the missing words: Normally, a ____ can only influence an ____ through a ____.

Threat; asset; vulnerability (A)

Choose the missing word: Magnitude of gains and losses is also known as the ____ of risk.

Impact (B)

What are the coordinated activities called, which direct and control an organization, regarding risk?

Risk Management (C)

Choose the missing word: Probability normally refers to the combination of the threat and the ____.

Vulnerability (D)

Flashcards

Risk Treatment

The process of identifying suitable controls to mitigate risk to an acceptable level.

Bottom-up Approach

A formal approach in risk analysis.

Risk Assessment

The overall process of risk analysis and risk evaluation.

Residual Risk

The remaining risk after controls have been implemented.

Event/Impact Analysis

Used in Tactical Management by executive management to identify risks.

Probability/Frequency

A factor associated with risk besides the magnitude of gains and losses.

Threat

A possible danger or cause of harm.

Asset

Something valuable to an organization.

Vulnerability

A weakness that allows a threat to affect an asset.

Risk Impact

Magnitude of gains or losses.

Risk Management

Coordinated activities to direct and control an organization regarding risk.

Risk Probability

Combination of the threat and vulnerability.

Study Notes

Risk Mitigation and Analysis Process

  • Identifying suitable controls to mitigate risks involves assessing each risk against predetermined criteria to ensure an acceptable level of exposure.
  • A formal approach is structured during Risk Analysis, which includes systematic methodologies to identify, assess, and prioritize risks.

Risk Analysis and Evaluation Process

  • The overall process of risk analysis entails recognizing potential hazards, assessing the severity of their impact, and determining the likelihood of occurrence.
  • Risk evaluation follows, comparing estimated risks against risk criteria to make informed decisions on risk management strategies.

Remaining Risk

  • Remaining risk, or residual risk, is the level of risk that persists after controls and mitigation measures have been implemented.

Tactical Management Level

  • On the Tactical Management Level, executive management uses Risk Analysis to identify possible risks.

Factors of Risk

  • Besides the Magnitude of gains and losses, another factor associated with risk is Probability.

Influence of Risk Factors

  • Normally, a Manager can only influence an Outcome through a Decision.

Magnitude of Risk

  • Magnitude of gains and losses is also known as the Severity of risk.

Risk Management Activities

  • The coordinated activities that direct and control an organization regarding risk are called Risk Management.

Probability in Risk Analysis

  • Probability in risk analysis normally refers to the combination of the threat and the Vulnerability.
