Intro to Cybersecurity Quiz 2 practice

Risk control, also known as risk treatment, is the application of controls that reduce the risks to an organization’s information assets to an acceptable level.

Residual risk is the risk that organizations are willing to accept even after current controls have been applied.

You cannot use qualitative measures to rank information asset values.

The _____ risk treatment strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation.

The _____ risk treatment strategy attempts to shift risk to other assets, other processes, or other organizations.

_____ equals the probability of a successful attack multiplied by the expected loss from a successful attack plus an element of uncertainty.

The probability that a specific vulnerability within an organization will be attacked by a threat is known as _____

Flaws or weaknesses in an information asset, security procedure, design, or control that can be exploited accidentally or on purpose to breach security are known as _____.

The first phase of the risk management process is _____.

The risk management (RM) _____ is the overall structure of the strategic planning and design for the entirety of the organization’s RM efforts.