Lesson 5.1 InfoSec Risk Management Basics

The forecasting and evaluation of financial risks together with the identification of procedures to avoid or minimize their impact.

It allows the organization to assess, identify, and modify its overall security posture.

It enables security, operations, organizational leadership, and other personnel to collaborate and view the entire organization from an attacker's perspective.

Both B and C

Controlling the likelihood and impact of bad things involving information.

An unpatched system.

A person or thing likely to cause damage or danger.

A virus on a device.

A weakness that results in unwanted attacks.

Both A and B

A threat

A vulnerability

An exploit

Both B and C

A threat

A vulnerability

An exploit

A recreational activity

The quality of being vulnerable.

The quality of state of being exposed to the possibility of being attacked or harmed, physically or emotionally

A weakness or gap in control.

All of the above.

True

False

4

5

6

7

1. Identify Risk

2. Assess Risk

3. Control Risk

4. Review Controls

1. Identify Risks

2. Measure Risks

3. Examine Solutions

4. Implement Solution

5. Monitor Results

1. Categorize Info Systems

2. Select Security Controls

3. Implement Security Controls

4. Assess Security Controls

5. Authorize Info Systems

6. Monitor Security Controls

1. Identify

2. Analyze

3. Evaluate

4. Prioritize

5. Treat

6. Monitor