Risk Management

Key Terms

Term	Definition
Risk management	the process of identifying, assessing, and prioritizing organizational risk
Risk	The potential of losing something that is of value to an organization
Risk assessment	the process of analyzing risk
Risk analysis	analysis uses information to identify possible sources of risk and identify threats or events that could have a harmful impact
Countermeasures	A measure taken to counter or offset a threat
Threat	A danger that exploits a vulnerability to breach security
Security controls	Safeguards or countermeasures implemented to minimize security risks.
Compliance	Obligations to external authorities and information security reviews
Asset	Any resource, product, system, process, or any other organizational resource that has value to an organization
Tangible assets	Assets that have a physical presence and an identifiable value
Intangible assets	Assets that are not physical but still represent a value to the organization’s image, its operations, and the ability to compete in the market
Quantitative Risk Analysis	This type of risk analysis assigns independent, objective, numeric monetary values to the elements of risk assessment and the assessment of potential losses
Single Loss Expectancy (SLE)	The estimate of the amount of damage that an asset will suffer due to a single incident
Exposure Factor (EF)	A potential percent of loss to a specific asset if a particular threat is realized. This is regarded as a subjective measure
Annual Rate of Occurrence (ARO)	the number of times per year that an incident is likely to occur
Annual Loss Expectancy (ALE)	the yearly financial impact to the organization from a particular risk
Qualitative Risk Analysis	Evaluates the impact or effect of threats on the business process or the goals of the organization with a scenario-oriented, carefully reasoned risk assessment
Risk mitigation	Reducing the severity of a loss or the likelihood of the loss from occurring
Risk Exposure	A quantifiable loss potential