Module 7: Risk Assessments
Assessment
True/False
Indicate whether the statement is true or false.
____ 1. A risk assessment that uses descriptive terminology, such as “high,” “medium,” and “low,” is called a quantitative risk assessment.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 2. In which phase of the Critical Infrastructure Risk Management Framework is the goal to identify, detect, disrupt, and prepare for hazards and threats; reduce vulnerabilities; and mitigate consequences?
- a. Assess and analyze risk
- b. Establish program goals
- c. Implement risk management activities
- d. Identify assets
____ 3. _________________ is a computerized, open-source risk assessment tool that consists of UML-based packages.
- a. OCTAVE
- b. CORAS
- c. CSET
- d. SNORT
____ 4. _________________ was developed by Carnegie Mellon as a suite of tools, techniques, and methods for risk-based information security assessment and planning; it utilizes event/fault trees.
- a. OCTAVE
- b. CORAS
- c. CSET
- d. SNORT
Completion
Complete the sentence.
- ___________________________________________________________ refers to the logistics associated with obtaining needed components.
Short Answer
- Discuss the impact that an industry’s regulatory environment might have on risk assessment. Provide an example of a regulation in a sector that would have to be security tested.