Risk and Third-Party Management Quiz
Terms in this set
- Risk: The likelihood and impact of a threat exploiting a vulnerability against an asset.
- Assessment: A point-in-time review of controls, risks, or vulnerabilities to inform improvement.
- Vendor: A third party providing goods or services — and a third-party risk that must be managed.
- Contract: The agreement that binds vendor security obligations — DPAs, BAAs, MSAs, NDAs.
- SLA: Service Level Agreement — measurable commitments for performance, uptime, and incident response.
- Tabletop: A discussion-based exercise that walks responders through an incident scenario.
- Compliance: Conforming to laws, regulations, contractual terms, and internal policy.
- Inherent: The level of risk before any controls are applied.
- Residual: The level of risk remaining after controls are applied.
- Mitigation: Reducing risk by applying controls — the most common risk response.
- Transfer: Shifting risk to a third party — typically via insurance or outsourcing.
- Acceptance: Choosing to live with a risk because mitigation costs more than the impact.