Companies must comply with these.
What are laws and regulations?
An EU regulation surrounding the protection of citizens' data.
What is the General Data Protection Regulation (GDPR)?
Risk practitioners should work with this team when building reporting.
What is legal counsel?
Threats WITH attached probability and impact on a company's assets.
What are risk events?
A risk that involves employees leaving the enterprise and needing to be replaced.
What is loss of talent?
An individual or group that carries out harmful actions against an enterprise, either intentionally or unintentionally.
What is a threat actor?
A standard created for enterprises that accept, use, or store payment card information in some way.
What is the Payment Card Industry Data Security Standard (PCI-DSS)?
These must be in place to ensure ethical practices.
What are controls?
Risk practitioners should work closely with these individuals to identify risk events.
Who are business process owners?
Risks that involve events like hurricanes, tornadoes, wildfires, and snowstorms.
What are natural disasters?
A risk concerning politically motivated attacks targeting human life.
What is terrorism?
A US federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed.
What is the Health Insurance Portability and Accountability Act (HIPAA)?
The way in which a threat actor carries out an attack.
What is a threat vector?
To understand technological risk, risk practitioners should consult with experts in these fields.
What are the IT and cybersecurity fields?
A risk that involves a coordinated attack against an enterprise carried out from multiple endpoints that takes a service offline, making it unavailable.
What is a DDoS (distributed denial of service) attack?
A tangible thing - a human resource, piece of equipment, building, vehicle - that is important for the enterprise to deliver the promised service or good.
What is an asset?
A US federal law that mandates certain practices in financial record keeping and reporting for corporations.
What is the Sarbanes-Oxley Act (SOX)?
Risk is often impacted by this, the moral practices that govern the enterprise.
What are ethics?
What are risk events?
What is abuse of authority?
Consequence. Can be assessed qualitatively - low, medium, or high - or can be assigned a quantitative amount, like time or money.
What is impact?
The probability that a risk event will occur.
What is likelihood?
Actions that could occur that would have an impact on the enterprise.
What are threats?
Risk practitioners should understand this, both currently and in the future.
What is their environment?
A risk concerning updates to laws or standards in the industry.
What are new legal (regulatory) requirements?