Exam 9: Risk Management: Controlling Risk


Due care and due diligence occur when an organization adopts a certain minimum level of security as what any ____________________ organization would do in similar circumstances.

(Short Answer)
4.8/5
(35)

A cost-benefit analysis is calculated by subtracting the post-control annualized loss expectancy and the ____ from the pre-control loss expectancy.

(Multiple Choice)
4.9/5
(41)

____ is the choice to do nothing to protect an information asset from risk and to accept the outcome from any resulting exploitation.

(Multiple Choice)
4.8/5
(32)

A system's exploitable vulnerabilities are usually determined after the system is designed.

(True/False)
5.0/5
(33)

The only use of the acceptance strategy that industry practices recognize as valid occurs when the organization has done all but which of the following?

(Multiple Choice)
5.0/5
(42)

____ feasibility is also referred to as behavioral feasibility.

(Multiple Choice)
4.8/5
(38)

Communicating new or revised policy to employees is adequate to assure compliance.

(True/False)
4.9/5
(41)

Cost Benefit Analysis is determined by calculating the single loss expectancy before new controls minus the annualized loss expectancy after controls are implemented minus the annualized cost of the safeguard._________________________

(True/False)
5.0/5
(29)

Common sense dictates that an organization should spend more to protect an asset than its value.

(True/False)
4.8/5
(40)

The ____ is the calculation of the value associated with the most likely loss from an attack.

(Multiple Choice)
4.7/5
(33)

Avoidance of risk is the choice to forgo the use of security measures and accept loss in the event of an attack._________________________

(True/False)
4.8/5
(42)

Asset evaluation is the process of assigning financial worth to each information asset._________________________

(True/False)
4.9/5
(44)

Which of the following is NOT a valid rule of thumb on risk control strategy selection?

(Multiple Choice)
4.9/5
(32)

Mitigation depends on the ability to detect and respond to an attack as quickly as possible._________________________

(True/False)
4.8/5
(37)

The Microsoft Risk Management Approach includes four phases: assessing risk, conducting decision support, implementing controls and measuring program effectiveness._________________________

(True/False)
4.8/5
(34)

The final choice of a risk control strategy may call for a balanced mixture of controls that provides the greatest value for as many asset-threat pairs as possible.

(True/False)
4.8/5
(48)

When a vulnerability (flaw or weakness) exists, you should implement security policies to reduce the likelihood of a vulnerability being exercised._________________________

(True/False)
4.9/5
(40)

Step-by-step rules to regain normalcy are covered by which of the following plans in the mitigation control approach?

(Multiple Choice)
4.9/5
(35)

The Microsoft Risk Management Approach includes four phases. Which of the following is NOT one of them?

(Multiple Choice)
4.8/5
(34)

____________________ is a risk management framework developed to help organizations to understand, analyze, and measure information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.

(Short Answer)
5.0/5
(32)