Exam 9: Risk Management: Controlling Risk
Due care and due diligence occur when an organization adopts a certain minimum level of security as what any ____________________ organization would do in similar circumstances.
(Short Answer)
A cost-benefit analysis is calculated by subtracting the post-control annualized loss expectancy and the ____ from the pre-control loss expectancy.
(Multiple Choice)
____ is the choice to do nothing to protect an information asset from risk and to accept the outcome from any resulting exploitation.
(Multiple Choice)
A system's exploitable vulnerabilities are usually determined after the system is designed.
(True/False)
The only use of the acceptance strategy that industry practices recognize as valid occurs when the organization has done all but which of the following?
(Multiple Choice)
____ feasibility is also referred to as behavioral feasibility.
(Multiple Choice)
Communicating new or revised policy to employees is adequate to assure compliance.
(True/False)
Cost-benefit analysis is determined by calculating the single loss expectancy before new controls minus the annualized loss expectancy after controls are implemented minus the annualized cost of the safeguard._________________________
(True/False)
Common sense dictates that an organization should spend more to protect an asset than its value.
(True/False)
The ____ is the calculation of the value associated with the most likely loss from an attack.
(Multiple Choice)
Avoidance of risk is the choice to forgo the use of security measures and accept loss in the event of an attack._________________________
(True/False)
Asset evaluation is the process of assigning financial worth to each information asset._________________________
(True/False)
Which of the following is NOT a valid rule of thumb on risk control strategy selection?
(Multiple Choice)
Mitigation depends on the ability to detect and respond to an attack as quickly as possible._________________________
(True/False)
The Microsoft Risk Management Approach includes four phases: assessing risk, conducting decision support, implementing controls, and measuring program effectiveness._________________________
(True/False)
The final choice of a risk control strategy may call for a balanced mixture of controls that provides the greatest value for as many asset-threat pairs as possible.
(True/False)
When a vulnerability (flaw or weakness) exists, you should implement security policies to reduce the likelihood of a vulnerability being exercised._________________________
(True/False)
Step-by-step rules to regain normalcy are covered by which of the following plans in the mitigation control approach?
(Multiple Choice)
The Microsoft Risk Management Approach includes four phases. Which of the following is NOT one of them?
(Multiple Choice)
____________________ is a risk management framework developed to help organizations to understand, analyze, and measure information risk. The outcomes are more cost-effective information risk management, greater credibility for the information security profession, and a foundation from which to develop a scientific approach to information risk management.
(Short Answer)