Deck 4: Governance and Risk Management

1
Which of the following is a characteristic of the silo-based approach to cybersecurity?

A) Compliance is discretionary.
B) Security is the responsibility of the IT department.
C) Little or no organizational accountability exists.
D) All of the above
All of the above
2
At which of the following states of the CMM scale are there no documented policies and processes?

A) Ad hoc
B) Defined process
C) Optimized
D) Nonexistent
Ad hoc
3
Which of the following best describes residual risk?

A) The likelihood of occurrence of a threat
B) The level of risk before security measures are applied
C) The level of risk after security measures are applied
D) The impact of risk if a threat is realized
The level of risk after security measures are applied
4
Which of the following statements best describes risk transfer?

A) It shifts a portion of the risk responsibility or liability to other organizations.
B) It shifts the entire risk responsibility to other organizations.
C) It takes steps to eliminate or modify the risk.
D) None of the above
5
Which of the following is the objective of risk assessment?

A) Identify the inherent risk
B) Determine the impact of a threat
C) Calculate the likelihood of a threat occurrence
D) All of the above
6
Which of the following risk assessment methodologies was originally developed by CERT?

A) FAIR
B) OCTAVE
C) RMF
D) CMM
7
Which of the following risks relates to negative public opinion?

A) Operational risk
B) Strategic risk
C) Financial risk
D) Reputational risk
8
Which of the following statements best describes strategic risk?

A) Risk that relates to monetary loss
B) Risk that relates to adverse business decisions
C) Risk that relates to loss resulting from inadequate or failed processes or systems
D) Risk that relates to violations of laws, rules, regulations, or policy
9
Which of the following is the magnitude of harm?

A) Risk
B) Threat
C) Impact
D) Vulnerability
10
The two approaches to cybersecurity are silo-based and __________.

A) integrated
B) operational
C) environmental
D) strategic
11
Which of the following refers to directives that codify organizational requirements?

A) Guidelines
B) Standards
C) Policies
D) Baselines
12
Which of the following is the leading membership organization for Boards and Directors in the U.S.?

A) ISO
B) NIST
C) CERT
D) NACD
13
Which of the following is a systematic, evidence-based evaluation of how well an organization conforms to such established criteria as Board-approved policies, regulatory requirements, and internationally recognized standards, such as the ISO 27000 series?

A) Audit report
B) Cybersecurity audit
C) CMM
D) CISA
14
In the NIST Cybersecurity Framework, which governance subcategory references legal and regulatory requirements regarding cybersecurity, including privacy and civil liberties obligations?

A) ID.GV-1
B) ID.GV-2
C) ID.GV-3
D) ID.GV-4
15
Which of the following refers to how much of the undesirable outcome a risk taker is willing to accept in exchange for the potential benefit?

A) Risk tolerance
B) Risk mitigation
C) Risk management
D) Risk acceptance
16
Which of the following refers to the level of risk before security measures are applied?

A) Residual risk
B) Vulnerability
C) Inherent risk
D) Impact
17
Which of the following is the final step in the NIST Risk Assessment methodology?

A) Communicate the results.
B) Prepare for the assessment.
C) Conduct the assessment.
D) Maintain the assessment.
18
Which of the following refers to the process of managing, directing, controlling, and influencing organizational decisions, actions, and behaviors?

A) Governance
B) Risk sharing
C) Risk management
D) CMM
19
OCTAVE is short for which of the following?

A) Operationally Critical Threat, Assessment, and Vulnerability Evaluation
B) Operationally Critical Threat, Asset, and Vulnerability Evaluation
C) Optimized Critical Threat, Assessment, and Vulnerability Evaluation
D) Optimized Critical Threat, Asset, and Vulnerability Evaluation
20
Which of the following provides a model for understanding, analyzing, and quantifying information risk in quantitative financial and business terms?

A) RMF
B) NIST
C) FAIR
D) OCTAVE