Well, that wraps up our domain zero preliminary domain just to make sure that we all start off on the same foot footing and we're gonna just ask a couple of quick questions to make sure domain zero made sense. So our first question
risks should be reduced until what?
Okay, Risk should be reduced until what
We really don't talk in terms about eliminating risks, right? We
well, I'll save that for a minute. We don't eliminate risk. You can avoid some risks. You just can't eliminate them all
until risk is accepted. Well, that sounds pretty good, because we said we have to reduce residual risk to the point that's accepted by senior management's and be sounds pretty good.
Risk is transferred.
You do transfer some risks, but not all.
And then risks are avoided. You can't avoid all risk. So be Bravo is the correct answer Here. There we go. We're gonna reduce residual risk to a level that's acceptable by senior management.
All right, what are the phases of ice? ACOG's risk management life cycle. And remember, this is gonna map to the chapters of this course, So we're gonna start off with risk identification.
We'll move to risk assessment, risk mitigation and then control and monitoring. Those are the steps of ice. ACOG's risk management lifecycle Definitely, definitely, definitely know those.
All right, Which of the following is not an element of the security triumph.
So if you'll remember CIA confidentiality, integrity and availability now that a constant for a lot of things authenticity, accounting, auditing. But in the CIA triad, its availability.
And remember, authenticity is important. It's not like we don't care about authenticity, but the triad is confidentiality, integrity and availability.
All right, And then which term is best described as Theo? Acceptable level of variation
that management is willing to allow for any particular risk,
threshold, tolerance or capacity. And that's the best definition for risk tolerance because risk tolerance is outside of the level, the risk appetite, our risk appetite may focus us in one direction,
but the risk tolerant says yeah, but for this particular risk,
we're willing to take on a little more or a little less risk. All right, so I hope the main one made sense. I hope that it was helpful and stick around. We're gonna move right into domain one
which is risk identification