Risk Identification
Risk Assessment & Analysis
Risk Management Tools & Strategies
Business Impact & Organizational Risk Posture
100

What risk identification method gathers stakeholders together to list potential risks?

What is brainstorming?

100

What type of risk assessment is conducted only when needed, usually due to major changes or events?


What is an ad hoc risk assessment?

100

What document stores all identified risks, their characteristics, owners, and mitigation plans?


What is a risk register?

100

What metric represents the maximum acceptable downtime for restoring a system or process?


What is the Recovery Time Objective (RTO)?

200

What type of analysis examines Strengths, Weaknesses, Opportunities, and Threats to identify risks?


What is a SWOT analysis?

200

What type of risk analysis uses descriptive terms like “low,” “medium,” and “high” instead of numbers?


What is qualitative risk analysis?

200

What risk management strategy shifts the risk to a third party, such as through insurance or contracts?


What is risk transfer?

200

What metric defines the maximum allowable amount of data loss measured in time?


What is the Recovery Point Objective (RPO)?

300

What method identifies risks by examining project plans, reports, and historical information?


What is a documentation review?

300

What does SLE stand for in quantitative risk analysis?


What is Single Loss Expectancy?

300

Who is assigned responsibility for managing, monitoring, and mitigating each risk in the risk register?


Who are the risk owners?

300

What metric represents the average time needed to repair a system after a failure?


What is Mean Time to Repair (MTTR)?

400

What technique creates “what-if” scenarios to identify possible risks and outcomes?


What is scenario analysis?

400

To calculate ALE, you multiply SLE by this value.


What is the Annualized Rate of Occurrence (ARO)?

400

What strategy eliminates the risk entirely by choosing not to engage in a certain activity?


What is risk avoidance?

400

What term describes the amount and type of risk an organization is willing to pursue or accept?


What is risk appetite?

500

What method investigates past incidents to find underlying causes that may reveal future risks?

What is root cause analysis?

500

This percentage represents the portion of asset loss in a risk event and is needed to calculate SLE.


What is the Exposure Factor?

500

What are measurable signals used to detect early warning signs of worsening risk conditions?


What are Key Risk Indicators (KRIs)?

500

What metric refers to the average time between system or component failures?


What is Mean Time Between Failures (MTBF)?
