Exam 8: Risk Management: Identifying and Assessing Risk

The ____ is an attribute that can be helpful in analyzing threat outbreaks when certain manufacturers announce specific vulnerabilities.

Almost every organization is aware of its image in the local,national,and international spheres.Loss or ____ of some assets would prove especially embarrassing.

The ____ is an effective attribute for tracking network devices and servers,but rarely applies to software.

Assessing risks includes assigning a value to each information asset.

The inventory should also reflect the ____________________ and security priority assigned to each information asset.

The ultimate goal of risk identification is to assess the circumstances and setting of each information asset to reveal any threats._________________________

The ____ is also referred to as an electronic serial number.

____________________ is the overall rating-a numerical value on a defined scale-of the probability that a specific vulnerability will be exploited.

Risk management is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be ____________________.

The final step in the risk identification process is to list the assets in order of importance.This goal can be achieved by using a(n)____ worksheet.

The process of assigning relative values to information assets helps to ensure that assets with higher values are protected first.

Risk is the likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability._________________________

Weighting criteria can be used to assess the value of information assets or impact evaluation._________________________

A(n)____________________ number uniquely identifies a specific device.

Which of the following is the final step in the risk identification process of information assets?

The information technology community often takes on the leadership role in addressing risk.

Each component of an IT system has information of value during the risk identification process.These components include people,policies,data,software,hardware and networking.

The simple classification scheme for an information asset of confidential,____ and public,designates the level of protection needed for a particular information asset.

The last stage in the risk identification process is to document the organization's ____________________.

The data classification scheme for an information asset could include confidential,internal,and private.Each of these classification categories designates the level of protection needed for a particular information asset._________________________