Module 4 Risk management
Risk____is the identification, analysis, and evaluation of risk as initial parts of risk
management - ANSassessment
In the TVA worksheet, assets are placed into a matrix with threats and then the exposure of
the assets to specific threats is explored by documenting_____. - ANSvulnerabilities
The _____ risk treatment strategy is the choice to do nothing to protect a vulnerability and to
accept the outcome of its explotation. - ANSacceptance
The formal decision-making process used when considering the economic feasibility of
implementing information security controls and safeguards is called a(n) ____. - ANSCBA
The _____ risk treatment strategy attempts to shift risk to other assets, other processes, or
other organizations. - ANStransference
Risk ____ is the assessment of the amount of risk an organization is willing to accept for a
particular information asset, typically synthesized into the organization's overall risk appetite.
- ANStoleranece
The risk management (RM) ____ is the overall structure of the strategic planning and design
for the entirety of the organization's RM efforts. - ANSframework
A(n) ____ scheme is a formal access control methodology used to assign a level of
confidentiality to an information asset and thus restrict the number of people who can access
it. - ANSdata classification
the concept of competitive ____ refers to falling behind the competition. - ANSdisadvantage
Understanding the ____ context means understanding the impact of elements such as the
business environment, the legal/regulatory/compliance environment, as well as threat
environment. - ANSrisk evaluation
_____ addresses are sometimes called electronic serial numbers or hardware addresses. -
ANSMAC
the first phase of the risk management process is ____. - ANSrisk identification
Risk ____ is a determination of the extent to which an organization's information assets are
exposed to risk. - ANSanalysis
The probability that a specific vulnerability within an organization will be attacked by a threat
is known as ___. - ANSlilihood
Risk____is the identification, analysis, and evaluation of risk as initial parts of risk
management - ANSassessment
In the TVA worksheet, assets are placed into a matrix with threats and then the exposure of
the assets to specific threats is explored by documenting_____. - ANSvulnerabilities
The _____ risk treatment strategy is the choice to do nothing to protect a vulnerability and to
accept the outcome of its explotation. - ANSacceptance
The formal decision-making process used when considering the economic feasibility of
implementing information security controls and safeguards is called a(n) ____. - ANSCBA
The _____ risk treatment strategy attempts to shift risk to other assets, other processes, or
other organizations. - ANStransference
Risk ____ is the assessment of the amount of risk an organization is willing to accept for a
particular information asset, typically synthesized into the organization's overall risk appetite.
- ANStoleranece
The risk management (RM) ____ is the overall structure of the strategic planning and design
for the entirety of the organization's RM efforts. - ANSframework
A(n) ____ scheme is a formal access control methodology used to assign a level of
confidentiality to an information asset and thus restrict the number of people who can access
it. - ANSdata classification
the concept of competitive ____ refers to falling behind the competition. - ANSdisadvantage
Understanding the ____ context means understanding the impact of elements such as the
business environment, the legal/regulatory/compliance environment, as well as threat
environment. - ANSrisk evaluation
_____ addresses are sometimes called electronic serial numbers or hardware addresses. -
ANSMAC
the first phase of the risk management process is ____. - ANSrisk identification
Risk ____ is a determination of the extent to which an organization's information assets are
exposed to risk. - ANSanalysis
The probability that a specific vulnerability within an organization will be attacked by a threat
is known as ___. - ANSlilihood
