IT Examiner School eBook

Risk Terms Level Set

• Asset: Anything of value to the organization.
• Vulnerability: A weakness, or the absence of a safeguard (control).
• Threat: Something that could cause loss to all or part of an asset.
• Threat Agent: What carries out the attack.
• Exploit: An instance of compromise.
• Risk: The probability of a threat materializing.

• Controls: Physical, Administrative, and Technical protections.
• Safeguard: Deterrent or Preventive controls.
• Countermeasures: Detective or Corrective controls.
• Inherent Risk: The risk before any control is implemented.
• Residual Risk: The risk left over after applying a control.
• Secondary Risk: When one risk response triggers another risk event.


Why have a Risk Assessment?

A risk assessment helps organizations identify inherent business risks and provides measures, processes and controls to reduce the impact of these risks on business operations.

• Without a Risk Assessment:
  • Not in compliance with GLBA (Appendix B of Part 364 of the FDIC Rules and Regulations)
  • Protection of information assets is not aligned with business objectives or regulatory requirements
  • Loss (or compromise) of critical information can be catastrophic
  • Loss of trust between a financial institution and its customers
  • Harms the safety and soundness of the institution
