Explanation should include:
- threat assessment
  - environmental
  - manmade
  - internal vs. external
- risk assessment
  - Single Loss Expectancy (SLE)
  - Annualized Loss Expectancy (ALE)
  - Annualized Rate of Occurrence (ARO)
  - asset value
  - risk register
  - likelihood of occurrence
  - supply chain assessment
  - impact
  - quantitative
  - qualitative
- testing
  - penetration testing authorization
  - vulnerability testing authorization
- risk response techniques
  - accept
  - transfer
  - avoid
  - mitigate
- change management
Process/Skill Questions:
- What is the difference between a threat and a risk?
- What is the difference between quantitative and qualitative risk assessment?
- What are the differences between risk response techniques?