Lesson 19: Summarizing Risk Management Concepts 2023/2024 passed
Management of a company practices qualitative risk when assessing a move of systems to the cloud. How does the company indicate any identified risk factors?
- correct answer With a classification system
Qualitative risk assessment uses categories or classifications such as Irreplaceable, High Value, Medium Value, and Low Value.

Management of a company identifies priorities during a risk management exercise. By doing so, which risk management approach does management use?
- correct answer Risk posture
Risk posture is the overall status of risk management. Risk posture shows which risk response options management can identify and prioritize.

A company determines the mean amount of time to replace or recover a system. What has the company calculated?
- correct answer MTTR
Mean Time to Repair (MTTR) is a measure of the time taken to correct a fault to restore the system to full operation. This is also known as mean time to replace or recover and is important in determining the overall Recovery Time Objective (RTO).

Select the example that provides an accurate simulation of a company engaging in the identifying threats phase of risk management.
- correct answer A company conducts research to determine why vulnerabilities may be exploited
The third phase of risk management is to identify threats that may take advantage of, exploit, or accidentally trigger vulnerabilities. Threat refers to the sources or motivations of people and things that could cause loss or damage.
The first phase of risk management is to identify mission essential functions. Mitigating risk can involve a large amount of expenditure, so it is important to focus efforts. Part of risk management is to analyze workflows and identify the mission essential functions that could cause the whole business to fail if they are not performed.
The second phase of risk management is to identify vulnerabilities for each function or workflow. This includes analyzing systems and assets to discover and list any vulnerabilities or weaknesses to which they may be susceptible.
The fourth phase of risk management is to analyze business impacts: the likelihood of a vulnerability being activated as a security incident by a threat, and the impact of that incident on critical systems.

Evaluate the metrics associated with Mission Essential Functions (MEF) to determine which example is demonstrating Work Recovery Time (WRT).
- correct answer It takes three hours to restore a system from backup, reintegrate the system, and test functionality
Work Recovery Time (WRT) is the additional time that it takes to restore data from backup, reintegrate different systems, and test overall functionality. This can also include briefing system users on any changes or different working practices so that the business function is again fully supported.

Select the phase of risk management a company has performed if they analyzed workflows and identified critical tasks that could cause their business to fail, if not performed.
- correct answer Identify mission essential functions

A company has thirty servers that run for 125 hours, with three servers that fail. Rounding to the nearest whole number, calculate the Mean Time Between Failures (MTBF) for this scenario.
- correct answer 1,250
The calculation for Mean Time Between Failures (MTBF) is the total time divided by the number of total failures. In this scenario, the company has 30 servers that run for 125 hours (30x125), with the resulting product of 3,750. This result is then divided by the number of failures (3,750/3), which equals an MTBF of 1,250.

Analyze the metrics governing Mission Essential Functions (MEF) and determine which example demonstrates Maximum Tolerable Downtime (MTD).
- correct answer A business function relies on five hours for restoration; otherwise, there is an irrecoverable business failure.
The Maximum Tolerable Downtime (MTD) is the longest period of time a business function outage may occur without causing irrecoverable business failure.
Work Recovery Time (WRT) is the additional time it takes to restore data from backup, reintegrate different systems, and test overall functionality. This can also include briefing system users on changes or different working practices, so the business function is fully supported again.
Recovery Time Objective (RTO) is the period following a disaster an individual IT system may remain offline. It also represents the amount of time it takes to identify there is a problem and perform a recovery.
Recovery Point Objective (RPO) is the amount of data loss a system can sustain, measured in time. If a database is destroyed and has an RPO of 24 hours, the data can be recovered to a point not longer than 24 hours before the database was infected.

A company performs risk management. Which action identifies a risk response approach?
- correct answer A company develops a countermeasure for an identified risk.
Written for
- Institution
- WRT Certification
- Course
- WRT Certification
Document information
- Uploaded on
- December 23, 2023
- Number of pages
- 2
- Written in
- 2023/2024
- Type
- Exam (elaborations)
- Contains
- Questions & answers
Subjects
- lesson 19 summarizing risk management concepts