Deck 8: Risk Management: Identifying and Assessing Risk

1
Having an established risk management program means that an organization's assets are completely protected.
False
2
A ranked vulnerability risk worksheet assigns a ranked value or impact weight to each information asset.
False
3
Likelihood is the overall rating of the probability that a specific vulnerability will be exploited.
True
4
During risk identification, managers identify the organization's information assets, classify and categorize them into useful groups, and prioritize them by their overall importance.
5
A well-developed risk management program consists of two formal processes: risk identification and assessment and risk control. _________________________
6
During risk identification managers identify the organization's information assets, classify and categorize them into useful groups, and prioritize them by their overall importance. _________________________
7
Risk Analysis is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be controlled or mitigated.
8
A community of management and users that is well trained and informed about threats facing the organization can be crucial in the early detection and response process.
9
Each component of an IT system has information of value during the risk identification process. These components include people, policies, data, software, hardware and networking.
10
Determining the likelihood that vulnerable systems will be attacked by specific threats is part of the risk identification process. _________________________
11
Assigning a value to each information asset is part of the identification process. _________________________
12
Assessing risks includes assigning a value to each information asset.
13
The information technology community often takes on the leadership role in addressing risk.
14
Information technology managers and technicians are the defenders of information. _________________________
15
Organizations should have a data classification scheme categorizing information assets based on their sensitivity and security needs; for example: confidential, internal and public.
16
The first stage in the Risk Identification process is to develop an inventory of information assets.
17
According to Sun Tzu - knowing yourself and your enemy "for every victory gained, you will suffer a defeat".
18
To make the process of analyzing threats less daunting, steps in the threat and vulnerability identification processes should be handled jointly.
19
The process of assigning relative values to information assets helps to ensure that assets with higher values are protected first.
20
A TVA spreadsheet combines prioritized lists of assets and threats to identify vulnerabilities and provide a prioritized list of efforts relating to the implementation of needed controls.
21
Which of the following activities is part of the risk assessment process?

A) Creating an inventory of information assets
B) Classifying and organizing information assets into meaningful groups
C) Assigning a value to each information asset
D) Calculating the risks to which assets are exposed in their current setting
22
The final step in the risk identification process is to list the assets in order of importance. This goal can be achieved by using a(n) ____ worksheet.

A) asset valuation
B) weighted factor analysis
C) asset classification
D) TVA
23
Which of the following activities is part of the risk identification process?

A) Determining the likelihood that vulnerable systems will be attacked by specific threats
B) Calculating the risks to which assets are exposed in their current setting
C) Assigning a value to each information asset
D) Assessing the relative risk facing the organization's information assets
24
The data classification scheme for an information asset could include confidential, internal, and private. Each of these classification categories designates the level of protection needed for a particular information asset. _________________________
25
The ____ is also referred to as an electronic serial number.

A) asset ID
B) MAC address
C) IP address
D) model number
26
The ultimate goal of risk identification is to assess the circumstances and setting of each information asset to reveal any threats. _________________________
27
____ elements are divided into three categories: applications, operating systems, or security components.

A) Networking
B) Hardware
C) Software
D) Procedures
28
Risk is the likelihood of the occurrence of a vulnerability multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability. _________________________
29
The amount of danger posed by a threat is sometimes difficult to assess. It may be simply the impact of a threat attacking the organization, or it may reflect the amount of damage that the threat could create or the frequency with which an attack can occur. _________________________
30
People are divided into insiders (employees) and outsiders (nonemployees). Outsiders come in two categories: either they hold trusted roles and have correspondingly greater authority and accountability, or they are regular staff without any special privileges. _________________________
31
After a peak in 2000, the number of organizations reporting unauthorized use of computer systems has been declining steadily; the amount reporting no unauthorized access has been increasing. _________________________
32
The final step in the risk identification process is to list the assets in order of cost, using a weighted factor analysis worksheet. _________________________
33
The ____ is an effective attribute for tracking network devices and servers, but rarely applies to software.

A) name
B) asset type
C) MAC address
D) IP address
34
The relative value of an information asset depends on how much revenue it generates - or, in the case of a nonprofit organization, how critical it is to service delivery. _________________________
35
The ____ community best understands threats and attacks that put an organization at risk.

A) information technology
B) information security
C) general management
D) users
36
Classification categories must be ____ (all inventoried assets fit into a category) and ____ (each asset is found in only one category).

A) self-regulating, conscriptive
B) mutually inclusive, mutually exclusive
C) comprehensive, mutually exclusive
D) mutually exclusive, classification
37
____ is the identification and assessment of levels of risk in the organization.

A) Risk analysis
B) Risk identification
C) Risk assessment
D) Risk management
38
Weighting criteria can be used to assess the value of information assets or impact evaluation. _________________________
39
A(n) comprehensive classification of information assets means that all inventoried assets fit into a category. _________________________
40
When determining the relative importance of each information asset, refer to the organization's ____ or statement of objectives. From this source, determine which assets are essential for meeting the organization's objectives, which assets support the objectives, and which are merely adjuncts.

A) mission statement
B) security plan
C) values statement
D) security policy
41
The ____ uniquely identifies a specific device.

A) manufacturer's model number
B) manufacturer name
C) IP address
D) serial number
42
Which of the following attributes does not apply to software information assets?

A) Serial number
B) Controlling entity
C) Logical location
D) Physical location
43
____ should be avoided when identifying people assets.

A) Position titles
B) Roles
C) Security clearance levels
D) Names
44
____ are specific avenues that threat agents can exploit to attack an information asset.

A) threats
B) exploits
C) vulnerabilities
D) attacks
45
The simple classification scheme for an information asset of confidential, ____ and public, designates the level of protection needed for a particular information asset.

A) restricted
B) private
C) exclusive
D) internal
46
One of the calculations that guides corporate spending on controls is the cost of ____ operations if an attack occurs and is successful.

A) recovery
B) response
C) mitigation
D) asset valuation
47
Deliberate software attacks include worms, denial of service, macros, and ____.

A) unknown loopholes
B) piracy
C) bugs
D) viruses
48
Examples of technical software failures or errors include code problems, unknown loopholes, and ____.

A) bugs
B) piracy
C) employee mistakes
D) equipment failure
49
What information signifies that a manufacturer performed an upgrade to a hardware component at their customer's premises?

A) Software version
B) Update revision
C) Field change order number
D) Serial number
50
As each information asset is identified, categorized, and ____, a relative value must also be assigned to it.

A) prioritized
B) classified
C) labeled
D) cataloged
51
Almost every organization is aware of its image in the local, national, and international spheres. Loss or ____ of some assets would prove especially embarrassing.

A) theft
B) deletion
C) exposure
D) destruction
52
Which of the following is an example of human error?

A) Copyright infringement
B) Outdated technologies
C) Accidents
D) Unauthorized collection of data
53
Risk is the likelihood of the occurrence of a(n) ____ multiplied by the value of the information asset minus the percentage of risk mitigated by current controls plus the uncertainty of current knowledge of the vulnerability.

A) attack
B) vulnerability
C) exploit
D) assessment
54
In a TVA worksheet, along one axis lies the prioritized set of ____, along the other the prioritized set of ____.

A) controls, vulnerabilities
B) assets, threats
C) risks, expenditures
D) assessments, classifications
55
Which of the following distinctly identifies an asset and can be vital in later analysis of threats directed to specific models of certain devices or software components?

A) Name
B) MAC address
C) Serial number
D) Manufacturer's part number
56
The ____ is an attribute that can be helpful in analyzing threat outbreaks when certain manufacturers announce specific vulnerabilities.

A) serial number
B) model number
C) manufacturer name
D) software version
57
Which of the following is the final step in the risk identification process of information assets?

A) Assessing relative value
B) Listing by order of importance
C) Preparing deliverables
D) Identifying and categorizing
58
The relative value of an information asset depends on how much ____ it generates - or, in the case of a nonprofit organization, how critical it is to service delivery.

A) risk
B) margin
C) revenue
D) data
59
Which of the following describes an attribute that displays where an asset can be found on an organization's network?

A) Serial number
B) Logical location
C) Controlling entity
D) Physical location
60
A press release is likely to fall under the ____ data classification scheme.

A) public
B) classified
C) sensitive
D) for official use only
61
A(n) ____________________ defense is the foundation of any information security program.
62
Classification categories must be ____________________ and mutually exclusive.
63
Piracy and copyright infringement are examples of the threat of compromise to ____________________ property.
64
As each information asset is identified, ____________________, and classified, a relative value must also be assigned to it.
65
The process of evaluating potential weaknesses in each information asset is known as ____________________ identification.
66
Knowing the enemy means that the threats facing an organization's information assets should be identified, examined, and ____________________.
67
____________________ is the overall rating - a numerical value on a defined scale - of the probability that a specific vulnerability will be exploited.
68
Risk management is the process of discovering and assessing the risks to an organization's operations and determining how those risks can be ____________________.
69
Assessing risks includes determining the ____________________ that vulnerable systems will be attacked by specific threats.
70
List the stages in the risk identification process in order of occurrence.
71
____________________ are specific areas in which threat agents can attack an information asset.
72
The last stage in the risk identification process is to document the organization's ____________________.
73
Briefly describe any three standard IT system components and their respective risk management components.
74
The inventory should also reflect the ____________________ and security priority assigned to each information asset.
75
The standard IT system components include: people, data, networks, hardware, software, and ____________________.
76
For the purposes of relative risk assessment how is risk calculated?
77
A(n) ____________________ number uniquely identifies a specific device.
78
As part of the risk identification process, listing the assets in order of importance can be achieved by using a weighted ____________________ worksheet.