Important information about Information Security Risk Analysis

Please answer all of the following questions

1. Why does the course reference focus on qualitative risk analysis?
Mention at least three advantages of qualitative risk analysis.

2. What is the meaning of risk mitigation?

3. Why is BIA needed in Risk Analysis and Assessment?

4. What is "FRAAP"? How many controls are defined in "FRAAP"? What are the three deliverables of the "FRAAP" session? How much time does the process take?




5. What are the five deliverables of the pre-FRAAP meeting? How much time should it take?

6. What are the deliverables of the post-FRAAP process? How much time does it take?

7. In a FRAAP action plan, you see risks of type I, A and C.
What do these terms mean?

8. How does cost-benefit analysis relate to risk analysis?

9. Mention five risk analysis software packages. What is BDSS? What is LRAM or ALRAM?

10. You are deciding on how much to spend per year on the following threats:

| Threat | Asset Value | x Exposure Factor | = Single Loss Expectancy | x Annualized Rate of Occurrence | = Annualized Loss Expectancy |
|---|---|---|---|---|---|
| Fire | $1M | x 0.5 | = $........... | x 0.1 | = $............ |
| Misuse of Resources | $1M | x 0.00005 | = $........... | x 1000 | = $............ |

Calculate the Single Loss Expectancy for each threat above. Write it in the table above.

Calculate the Annualized Loss Expectancy. Write it in the table above.

What is the problem with the above algorithm?

Would management buy those calculations?

Are you going to spend the same amount of money to counter "Misuse of Resources" as you would spend to counter fire?

11. What is the difference between tangible and intangible loss?
Give two examples of each.

12. Fill in the headings and two sample rows in this Action Plan table for FRAAP