Which of the following risk handling technique involves…
Which of the following risk handling technique involves the practice of passing on the risk to another entity,
such as an insurance company?
Which of the following risk handling technique involves…
Which of the following risk handling technique involves the practice of being proactive so that the risk in
question is not realized?
What kind of a strategy shouldSam recommend to the seni…
Sam is the security Manager of a financial institute. Senior management has requested he performs a risk
analysis on all critical vulnerabilities reported by an IS auditor. After completing the risk analysis, Sam has
observed that for a few of the risks, the cost benefit analysis shows that risk mitigation cost (countermeasures,
controls, or safeguard) is more than the potential lost that could be incurred. What kind of a strategy shouldSam recommend to the senior management to treat these risks?
Which of the following technique is used by John to tre…
John is the product manager for an information system. His product has undergone under security review by an
IS auditor. John has decided to apply appropriate security controls to reduce the security risks suggested by an
IS auditor. Which of the following technique is used by John to treat the identified risk provided by an IS
auditor?
What is this this approach to risk management called?
There is no way to completely abolish or avoid risks, you can only manage them. A risk free environment does
not exist. If you have risks that have been identified, understood and evaluated to be acceptable in order to
conduct business operations. What is this this approach to risk management called?
which one involves using controls to reduce the risk?
Of the multiple methods of handling risks which we must undertake to carry out business operations, which one
involves using controls to reduce the risk?
which of the four common ways listed below seek to elim…
In terms or Risk Analysis and dealing with risk, which of the four common ways listed below seek to eliminate
involvement with the risk being evaluated?
Controls such as job rotation, the sharing of responsib…
Controls such as job rotation, the sharing of responsibilities, and reviews of audit records are associated with:
The controls that usually require a human to evaluate t…
The controls that usually require a human to evaluate the input from sensors or cameras to determine if a real
threat exists are associated with:
Which of the following is a fraud detection method wher…
Which of the following is a fraud detection method whereby employees are moved from position to position?