CSIA 300 – Midterm || Graded A+.
Within the realm of IT security, which of the following combinations best defines risk? correct
answers Threat coupled with a vulnerability
When determining the value of an intangible asset which is the BEST approach? correct answers
With the assistance of a finance of accounting professional determine how much profit the asset
has returned
Qualitative risk assessment is earmarked by which of the following? correct answers Ease of
implementation and it can be completed by personnel with a limited understanding of the risk
assessment process
Single loss expectancy (SLE) is calculated by using: correct answers Asset value and exposure
factor
Consideration for which type of risk assessment to perform includes all of the following: correct
answers Culture of the organization, budget, capabilities and resources
Security awareness training includes: correct answers Security roles and responsibilities for staff
What is the minimum and customary practice of responsible protection of assets that affects a
community or societal norm? correct answers Due care
Effective security management: correct answers Reduces risk to an acceptable level
Availability makes information accessible by protecting from: correct answers Denial of
services, fires, floods, and hurricanes and unreadable backup tapes
, Which phrase best defines a business continuity/disaster recover plan? correct answers The
adequate preparations and procedures for the continuation of all organization functions
Which of the following steps should be performed first in a business impact analysis (BIA)?
correct answers Identify all business units within an organization
Tactical security plans are BEST used to: correct answers Deploy new security technology
Who is accountable for implementing information security? correct answers Security officer
Security is likely to be most expensive when addressed in which phase? correct answers
Implementation
Information systems auditors help the organization: correct answers Identify control gaps
The Facilitated Risk Analysis Process (FRAP) correct answers makes a base assumption that a
narrow risk assessment is the most efficient way to determine risk in a system, business segment,
application or process.
Setting clear security roles has the following benefits: correct answers Establishes personal
accountability, establishes continuous improvement and reduces turf battles
Well-written security program policies are BEST reviewed: correct answers At least annually or
at pre-determined organization changes
An organization will conduct a risk assessment to evaluate correct answers threats to its assets,
vulnerabilities present in the environment, the likelihood that a threat will be realized by taking
advantage of an exposure, the impact that the exposure being realized will have on the
organization, the residual risk
Within the realm of IT security, which of the following combinations best defines risk? correct
answers Threat coupled with a vulnerability
When determining the value of an intangible asset which is the BEST approach? correct answers
With the assistance of a finance of accounting professional determine how much profit the asset
has returned
Qualitative risk assessment is earmarked by which of the following? correct answers Ease of
implementation and it can be completed by personnel with a limited understanding of the risk
assessment process
Single loss expectancy (SLE) is calculated by using: correct answers Asset value and exposure
factor
Consideration for which type of risk assessment to perform includes all of the following: correct
answers Culture of the organization, budget, capabilities and resources
Security awareness training includes: correct answers Security roles and responsibilities for staff
What is the minimum and customary practice of responsible protection of assets that affects a
community or societal norm? correct answers Due care
Effective security management: correct answers Reduces risk to an acceptable level
Availability makes information accessible by protecting from: correct answers Denial of
services, fires, floods, and hurricanes and unreadable backup tapes
, Which phrase best defines a business continuity/disaster recover plan? correct answers The
adequate preparations and procedures for the continuation of all organization functions
Which of the following steps should be performed first in a business impact analysis (BIA)?
correct answers Identify all business units within an organization
Tactical security plans are BEST used to: correct answers Deploy new security technology
Who is accountable for implementing information security? correct answers Security officer
Security is likely to be most expensive when addressed in which phase? correct answers
Implementation
Information systems auditors help the organization: correct answers Identify control gaps
The Facilitated Risk Analysis Process (FRAP) correct answers makes a base assumption that a
narrow risk assessment is the most efficient way to determine risk in a system, business segment,
application or process.
Setting clear security roles has the following benefits: correct answers Establishes personal
accountability, establishes continuous improvement and reduces turf battles
Well-written security program policies are BEST reviewed: correct answers At least annually or
at pre-determined organization changes
An organization will conduct a risk assessment to evaluate correct answers threats to its assets,
vulnerabilities present in the environment, the likelihood that a threat will be realized by taking
advantage of an exposure, the impact that the exposure being realized will have on the
organization, the residual risk
