Exam 7: Risk Management: Controlling Risk
A risk control strategy that eliminates all risk associated with an information asset by removing it from service.
(Multiple Choice)
Correct Answer:
D
An examination of how well a particular solution fits within the organization's strategic planning objectives and goals.
(Multiple Choice)
Correct Answer:
I
The risk control strategy that eliminates all risk associated with an information asset by removing it from service is known as the termination risk control strategy.
(True/False)
Correct Answer:
True
The formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization.
(Multiple Choice)
The only use of the acceptance strategy that is recognized as valid by industry practices occurs when the organization has done all but which of the following?
(Multiple Choice)
The quantity and nature of risk that organizations are willing to accept.
(Multiple Choice)
A process of assigning financial value or worth to each information asset.
(Multiple Choice)
To keep up with the competition, organizations must design and create a ____________ environment in which business processes and procedures can function and evolve effectively.
(Short Answer)
Once an organization has estimated the worth of various assets, what three questions must be asked to calculate the potential loss from the successful exploitation of a vulnerability?
(Essay)
The risk control strategy that seeks to reduce the impact of a successful attack through the use of IR, DR and BC plans is ____________________.
(Short Answer)
The ISO 27005 Standard for Information Security Risk Management includes five stages including all but which of the following?
(Multiple Choice)
Which of the following is NOT a valid rule of thumb on risk control strategy selection?
(Multiple Choice)
What is the result of subtracting the post-control annualized loss expectancy and the ACS from the pre-control annualized loss expectancy?
(Multiple Choice)
Which of the following describes an organization's efforts to reduce damage caused by a realized incident or disaster?
(Multiple Choice)
Which of the following is not a step in the FAIR risk management framework?
(Multiple Choice)
Briefly describe the five basic strategies to control risk that result from vulnerabilities.
(Essay)
Once a control strategy has been selected and implemented, what should be done on an ongoing basis to determine its effectiveness and to estimate the remaining risk?
(Multiple Choice)