Module 7: Risk Assessments

Assessment

True/False

Indicate whether the statement is true or false.

____ 1. A risk assessment that uses descriptive terminology, such as “high,” “medium,” and “low,” is called a quantitative risk assessment.

 

Multiple Choice

Identify the choice that best completes the statement or answers the question.

 

____ 2. In which phase of the Critical Infrastructure Risk Management Framework is the goal to identify, detect, disrupt, and prepare for hazards and threats; reduce vulnerabilities; and mitigate consequences?

  • a. Assess and analyze risk
  • b. Establish program goals
  • c. Implement risk management activities
  • d. Identify assets

 

____ 3. _________________ is a computerized, open-source risk assessment tool that consists of UML-based packages.

  1. OCTAVE
  2. CORAS
  3. CSET
  4. SNORT

____ 4. _________________ was developed by Carnegie Mellon as a suite of tools, techniques, and methods for risk-based information security assessment and planning; it utilizes event/fault trees.

  1. OCTAVE
  2. CORAS
  3. CSET
  4. SNORT

Completion

Complete the sentence.

  1. ___________________________________________________________ refers to the logistics associated with obtaining needed components.

Short Answer

  1. Discuss the impact that an industry’s regulatory environment might have on risk assessment. Provide an example of a regulation in a sector that would have to be security tested.

License

Critical Infrastructure Systems by NCyTE Center is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.
