Information Security Glossary - Q & R
Glossary – Q
Quadrant – This is the name of the technology that makes cryptographic equipment tamper-proof.
Qualitative Risk Assessment – A subjective estimation of risk based often on ranges (e.g. low, medium, high).
Quantitative Risk Assessment – An objective evaluation of risk based on measurable factors such as how much, how many (often using historical values of occurrence or cost).
Glossary – R
Ransomware – Software that prevents a user from accessing their own files or network, only releasing the information after receiving payment.
Resilience – The ability to provide and maintain an acceptable level of service in the face of faults and challenges to normal operation.
Return on Investment – Assessing the value of a return against the initial cost.
Risk – The combination of the probability of an event and its consequences.
Risk Analysis – Estimating the likelihood a threat will exploit a vulnerability and the impact level if it does.
Risk Appetite – The level of risk that an organisation is prepared to accept before action is deemed necessary to reduce it. It represents a balance between the potential benefits of innovation and the threats that change inevitably brings.
Risk Assessment – The determination of the quantitive or qualitative value of risk related to a recognised threat.
Risk Avoidance – This includes not performing an activity that could carry risk.
Risk Evaluation – Combining the likelihood and impact to determine a risk rating.
Risk Identification – Understanding what threats and vulnerabilities might have an impact on the assets or organisation.
Risk Level – The combination of the likelihood and impact of a threat exploiting a vulnerability.
Risk Monitoring – Checking & re-assessing levels of risk over time.
Risk Reduction – Taking action (e.g. implementing controls) to reduce either the likelihood or impact or both, of a risk.
Risk Treatment – Deciding to avoid, reduce, transfer or accept a risk and then monitoring and reviewing the risk over time.