Which of the following is not an important aspect of an organizational security policy?

Kevin and David are carrying out a risk assessment and they need to perform a cost/benefit analysis on a specific countermeasure to determine if it is a good choice for the company. The potential loss to the company without the control is $200,000. The ALE with the control is $75,500. They figure that the annual cost of the safeguard is $55,400. What is the value of this safeguard to the company?

What is the difference between the modified and consensus Delphi methods?

ACMEs storage facility has been valued at $400,000 and it is estimated that if a flood took place it would damage 35 percent of the facility. The local governments statistics indicate that a flood has the probability of happening once in 10 years. What are the SLE and ALE values?

What does it mean that a risk should be accepted based on cost, pain, and visibility?

In risk assessments and analysis, the frequency of a threat needs to be estimated. The value that is used is usually the annualized rate of occurrence. Which of the following is incorrect pertaining to this value?

Why is it important to get the right level of individuals involved in a risk analysis?

Sam and David have not carried out proper project sizing and they are halfway through their risk analysis. What is the danger of not doing this?

A proper risk analysis has specific steps and objectives that it needs to accomplish. Which of the following lists these items?

Who sets the acceptable risk level for an organization?