Exam 9: Risk Management: Controlling Risk
Exam 1: Introduction to the Management of Information Security139 Questions
Exam 2: Planning for Security123 Questions
Exam 3: Planning for Contingencies114 Questions
Exam 4: Information Security Policy133 Questions
Exam 5: Developing the Security Program133 Questions
Exam 6: Security Management Models120 Questions
Exam 7: Security Management Practices114 Questions
Exam 8: Risk Management: Identifying and Assessing Risk78 Questions
Exam 9: Risk Management: Controlling Risk105 Questions
Exam 10: Protection Mechanisms133 Questions
Exam 11: Personnel and Security133 Questions
Exam 12: Law and Ethics113 Questions
Select questions type
The ____ technique, named for the Greek mythological oracle which predicted the future, is a process whereby a group rates or ranks a set of information.
(Multiple Choice)
Correct Answer:
D
At a minimum, each information asset-threat pair should have a(n) ____ that clearly identifies any residual risk that remains after the proposed strategy has been executed.
(Multiple Choice)
Correct Answer:
B
According to the Microsoft Risk Management Approach, risk management is not a stand-alone subject and should be part of a general governance program to allow the organization's management to evaluate the organization's operations and make better, more informed decisions.
(True/False)
Correct Answer:
True
When you establish one control, you increase the risk associated with all subsequent control evaluations. _________________________
(True/False)
____ is the money saved by avoiding, via the implementation of a control, the financial ramifications of an incident.
(Multiple Choice)
The four categories of controlling risk include avoidance, mitigation, transference and _____.
(Multiple Choice)
The threat level and an asset's ____________________ should be a major factor in the risk control strategy selection.
(Short Answer)
Risk ____________________ defines the quantity and nature of risk that an organization is willing to accept.
(Short Answer)
____ is the process of assigning financial value or worth to each information component.
(Multiple Choice)
The ____________________ technique is a process in which a group ranks a set of information.
(Short Answer)
The Annualized Loss Expectancy in the CBA formula is determined as ____.
(Multiple Choice)
The ____________________ assessment tries to improve upon the ambiguity of qualitative measures without resorting to the unsubstantiated estimation used for quantitative measures.
(Short Answer)
The ISO 27005 Standard for Information Security Risk Management includes five stages including all but which of the following?
(Multiple Choice)
An organization that chooses to outsource its risk management practice to independent consultants is taking the ____ control approach.
(Multiple Choice)
An alternate set of possible risk control strategies includes all but which of the following?
(Multiple Choice)
Reducing the impact of a successful attack on an organization's system falls under the ____ risk control strategy.
(Multiple Choice)
Briefly describe the four basic strategies to control risk that result from vulnerabilities.
(Essay)
OCTAVE is an InfoSec risk evaluation methodology that allows organizations to balance the protection of critical information assets against the costs of providing protective and detection controls.
(True/False)