10 Cards in this Set
- Front
- Back
Risk Management |
It is an analytical and systematic process by which an organisation identifies, reduces and controls its risk and loss |
|
What questions to ask before thinking of protecting assets |
1) What am I protecting? 2) Why am I protecting it? 3) How am I protecting it? |
|
What risk management helps a security professional with |
1) It helps in rational decision making about the expenditure of scarce resources and the selection of cost-effective measures to protect valuable assets 2) It improves the success rate of an organization's security efforts 3) It helps security professionals answer the question: how much security is enough? |
|
Main stages of the risk management process |
1) Establish the context 2) Identify the risk (risk identification) 3) Analyze the risk (risk analysis) 4) Evaluate the risk (risk evaluation) 5) Treat the risk (risk treatment) |
|
Considering assets |
Assets are the first thing to consider before carrying out a risk assessment. They are tangible and intangible. Security professionals should never ignore the intangible assets during their consideration of assets |
|
Threats |
There are three types of threats: 1) intentional 2) natural 3) inadvertent. Security professionals should always consider all three categories of threats when conducting a threat and vulnerability analysis |
|
What is vulnerability |
It is a weakness or organizational practice that may allow a threat to be implemented or increase the magnitude of a loss event |
|
Risk analysis (what it does) |
1) It introduces the severity or impact of a loss event or risk. It opens the organisation's eyes to the severity of a risk if it is allowed to occur. This leads to the prioritization of risk 2) It prioritizes risk and places it in some order of importance. This helps organisations decide which risk to address first, which they can ignore, and how much is worth spending on mitigation |
|
Protective measure |
This measure seeks an effective way to protect against the relevant risk while considering available resources. It includes: 1) selecting - choosing the right method to address the risk 2) testing - testing the selected method, with questions such as: does the selected method operate in the selected environment? Does it work smoothly with the overall system? Is it producing the desired result in terms of risk reduction? Are employees adapting well to it? 3) implementing - this comes after the method has been tested to work correctly; the selected system is now implemented and employees are notified 4) training - comes last. Security staff and other departments should be trained on using the implemented systems |
|
Steps in security risk management |
1) Consideration of the asset 2) A comprehensive view of the threat 3) Looking at the vulnerabilities 4) Analysing the risk 5) Putting up protective measures |