Management of classified data includes its storage and _________.


A) distribution
B) portability
C) destruction
D) All of the above

E) None of the above
F) A) and D)

Correct Answer

verified

The __________ is the difference between an organization's observed and desired performance.


A) performance gap
B) objective
C) issue delta
D) risk assessment

E) A) and B)
F) A) and C)

Correct Answer

verified

Residual risk is the risk that has not been removed, shifted, or planned for after vulnerabilities have been completely resolved.

A) True
B) False

Correct Answer

verified

When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts.

A) True
B) False

Correct Answer

verified

When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as __________.


A) baselining
B) best practices
C) benchmarking
D) standards of due care

E) C) and D)
F) A) and D)

Correct Answer

verified

Using the simplified information classification scheme outlined in the text, all information that has been approved by management for public release has a(n) ____________________ classification.

Correct Answer

verified

external

To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.

A) True
B) False

Correct Answer

verified

The value of information to the organization's competition should influence the asset's valuation.

A) True
B) False

Correct Answer

verified

A security clearance is a component of a data classification scheme that assigns a status level to systems to designate the maximum level of classified data that may be stored on them.

A) True
B) False

Correct Answer

verified

Risk control is the application of controls that reduce the risks to an organization's information assets to an acceptable level.

A) True
B) False

Correct Answer

verified

____________________ include information and the systems that use, store, and transmit information.

Correct Answer

verified

A data classification scheme is a formal access control methodology used to assign a level of availability to an information asset and thus restrict the number of people who can access it.

A) True
B) False

Correct Answer

verified

False

Within a data classification scheme, "comprehensive" means that an information asset should fit in only one category.

A) True
B) False

Correct Answer

verified

Behavioral feasibility is also known as ____________________.

Correct Answer

verified

operational feasibility

Operational feasibility is also known as behavioral feasibility. _________________________

A) True
B) False

Correct Answer

verified

The mitigation control strategy attempts to reduce the impact of a successful attack through planning and preparation. _________________________

A) True
B) False

Correct Answer

verified

In addition to their other responsibilities, the three communities of interest are responsible for determining which control options are cost effective for the organization.

A) True
B) False

Correct Answer

verified

In a cost-benefit analysis, a single loss expectancy (SLE) is the calculated value associated with the most likely loss from an attack; the SLE is the product of the asset's value and the annualized loss expectancy.

A) True
B) False

Correct Answer

verified

The ____________________ risk control strategy attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.

Correct Answer

verified

One advantage to benchmarking is that best practices change very little over time.

A) True
B) False

Correct Answer

verified
