4.1 Given a set of requirements, apply the appropriate risk strategies.

Risk assessment

 Likelihood

 Impact

 Qualitative vs. quantitative

 Exposure factor

 Asset value

 Total cost of ownership (TCO)

 Return on investment (ROI)

 Mean time to recovery (MTTR)

 Mean time between failure (MTBF)

 Annualized loss expectancy (ALE)

 Annualized rate of occurrence (ARO)

 Single loss expectancy (SLE)

 Gap analysis

Risk handling techniques

 Transfer

 Accept

 Avoid

 Mitigate

Risk types

 Inherent

 Residual

 Exceptions

Risk management life cycle

 Identify

 Assess

 Control

  People
  Process
  Technology
  Protect
  Detect
  Respond
  Restore

 Review

 Frameworks

Risk tracking

 Risk register

 Key performance indicators

  Scalability
  Reliability
  Availability

 Key risk indicators

Risk appetite vs. risk tolerance

 Tradeoff analysis

 Usability vs. security requirements

Policies and security practices

 Separation of duties

 Job rotation

 Mandatory vacation

 Least privilege

 Employment and termination procedures

 Training and awareness for users

 Auditing requirements and frequency