Establishing data classification levels within a company is essential as part of an overall security program. Of the people listed below, who would be the best choice to sponsor a data classification program?

Shirley is in charge of asset identification and classification as part of a risk assessment initiative. In going through an inventory list, she must decide if an asset is tangible or intangible. Which of the following should she mark as intangible?

Which of the following is true of a qualitative risk analysis approach?

Risk assessment is not always met with open arms by management for all of the following reasons except:

Kathy is responsible for an asset valued at $25,000. It is determined that her asset has an exposure factor of 10 percent. What is the single loss expectancy (SLE)?

Riley is leading a project kick-off meeting with representatives from the entire company. He asks the following questions:
1) What could happen?
2) How devastating could it possibly be?
3) How often could it occur?
4) How accurate are our answers to the three previous questions?

What area or issue are the answers to these questions targeted at?

Which of the following is not a domain of Control Objectives for Information and related Technology?

Larry is in charge of presenting risk assessment calculations to his boss by the end of the week. He concludes that a server with heavy traffic has an annualized loss expectancy (ALE) of $15,000 with an annualized rate of occurrence (ARO) of 5. What is the servers single loss expectancy (SLE) value?

Denial of service and loss of services due to disasters are two issues that are primarily linked to which of the following main concepts of information security?

Your companys CIO has stressed the need for an immediate incident response plan to be created. What is the best reason for this mandate?