Before conducting a formal risk assessment of an organization’s information resources, an information security manager should FIRST:
When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?
An information security manager has been assigned to implement more restrictive preventive controls. By doing so, the net effect will be to PRIMARILY reduce the:
It is important to classify and determine relative sensitivity of assets to ensure that:
The PRIMARY goal of a corporate risk management program is to ensure that an organization’s:
Data owners are PRIMARILY responsible for establishing risk mitigation methods to address which of the following areas?
When the computer incident response team (CIRT) finds clear evidence that a hacker has penetrated the corporate network and modified customer information, an information security manager should FIRST notify:
In assessing risk, it is MOST essential to: A. provide equal coverage for all asset types.
Information security managers should use risk assessment techniques to:
Which two components PRIMARILY must be assessed in an effective risk analysis?