Deck 4: Information Security Governance and Risk Management

1
A countermeasure reduces the potential risk.
True
2
The Zachman Framework is an enterprise architecture framework.
True
3
The first step of a risk assessment is to identify threats and vulnerabilities.
False
4
Tangible assets include intellectual property, data, and organizational reputation.
5
A quantitative risk analysis does not assign monetary and numeric values to all facets of the risk analysis process.
6
One of the disadvantages of qualitative risk analysis is that all results are subjective.
7
After an organization understands its total and residual risk, it must determine how to get rid of the risk.
8
Policies are broad and provide the foundation for development of standards, baselines, guidelines, and procedures.
9
Commercial organizations usually classify data using five main classification levels: Top Secret, Secret, Confidential, Sensitive but Unclassified, and Unclassified.
10
The data custodian implements the information classification and controls after they are determined.
11
What is the probability that a threat agent will exploit a vulnerability and the impact if the threat is carried out?

A) Exposure
B) Countermeasure
C) Risk
D) Due diligence
12
Which of the following is an enterprise security architecture framework?

A) MODAF
B) TOGAF
C) ITIL
D) SABSA
13
According to the NIST SP 800-30, what is the last step of a risk assessment?

A) Determine risk as a combination of likelihood and impact.
B) Identify impact.
C) Determine likelihood.
D) Identify threats.
14
Which threat agent group includes malicious users?

A) Natural
B) Human
C) Technical
D) Operational
15
Which calculation uses the formula AV × EF?

A) SLE
B) ARO
C) ALE
D) Cost-benefit analysis
16
What is the calculation you should use for safeguard value?

A) (ALE before safeguard) + (ALE after safeguard) - (annual cost of safeguard)
B) (ALE before safeguard) - (ALE after safeguard) - (annual cost of safeguard)
C) (ALE before safeguard) - (ALE after safeguard) + (annual cost of safeguard)
D) (ALE before safeguard) + (ALE after safeguard) + (annual cost of safeguard)
17
Which risk handling method defines the acceptable risk level the organization can tolerate and reduces the risk to that level?

A) Risk avoidance
B) Risk transfer
C) Risk mitigation
D) Risk acceptance
18
What is a baseline?

A) Recommended actions that are more flexible than standards
B) All the detailed actions that personnel are required to follow
C) Mandatory actions that describe how policies will be implemented within an organization
D) A reference point defined and captured to be used as a future reference
19
Which type of data includes patents, trade secrets, and other information that could seriously affect the government if unauthorized disclosure occurred?

A) Confidential
B) Top Secret
C) Secret
D) Sensitive
20
Which role evaluates the security needs of the organization and develops the internal information security governance documents?

A) Security administrator
B) Security analyst
C) Data custodian
D) Data owner