Exam 6: Risk Management: Identifying and Assessing Risk
What does it mean to 'know the enemy' with respect to risk management?
(Essay)
The InfoSec community often takes on the leadership role in addressing risk.
(True/False)
Risk ____________ is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be mitigated.
(Short Answer)
Assigns a risk-rating ranked value to each uncontrolled asset-vulnerability pair.
(Multiple Choice)
Some threats can manifest in multiple ways, yielding multiple vulnerabilities for an asset-threat pair.
(True/False)
Two of the activities involved in risk management include identifying risks and assessing risks. Which of the following activities is part of the risk assessment process?
(Multiple Choice)
A formal access control methodology used to assign a level of confidentiality to an information asset and thus restrict the number of people who can access it is known as a data categorization scheme.
(True/False)
Prioritized lists of assets and threats can be combined with exploit information into a specialized report known as a TVA worksheet.
(True/False)
Why is threat identification so important in the process of risk management?
(Essay)
Discuss the trends in frequency of attacks and how that plays into a risk management strategy.
(Essay)
The information technology management community of interest often takes on the leadership role in addressing risk.
(True/False)
An approach to combining risk identification, risk assessment, and risk appetite into a single strategy is known as risk protection.
(True/False)
Describe the use of an IP address when deciding which attributes to track for each information asset.
(Essay)
Which of the following attributes does NOT apply to software information assets?
(Multiple Choice)
Assessing risks includes determining the ____________________ that vulnerable systems will be attacked by specific threats.
(Short Answer)
Each manager in the organization should focus on reducing risk. This is often done within the context of one of the three communities of interest, which includes all but which of the following?
(Multiple Choice)
The recognition, enumeration, and documentation of risks to an organization's information assets is known as risk control.
(True/False)
Which of the following is NOT among the typical columns in the ranked vulnerability risk worksheet?
(Multiple Choice)
Showing 21 - 40 of 60