What are the main steps of a basic security risk assessment?

Study for the PY103.16 Physical Security Test with flashcards and multiple-choice questions. Each question includes hints and explanations to help you prepare confidently and effectively. Get ready to ace your exam with our comprehensive study resources!

Multiple Choice

What are the main steps of a basic security risk assessment?

Explanation:
Focus on how a basic risk assessment is carried out: you start by identifying what needs protection—your assets such as data, systems, facilities, and people. Next you consider what could harm those assets—potential threats like theft, sabotage, natural disasters, or cyber attacks. Then you look for weaknesses in your defenses—vulnerabilities that threats could exploit, such as unpatched software, weak access controls, or lack of backups. After identifying these elements, you assess the risk by considering how likely a threat is to exploit a vulnerability and what the impact would be if it did. Finally, you prioritize the controls and mitigation efforts based on those risk levels, focusing resources where the potential damage is greatest.

Other options describe actions taken after the risk assessment or parts of a security program (like deploying alarms and guards, governance/officer reporting, or policy management and monitoring). They are related to implementing or governing security, but they don’t lay out the basic steps of performing a risk assessment itself.
