Information Security & Risk Management – Cybersecurity Principles, Threat Assessment and Risk Mitigation Study Guide
Info Security & Risk Management.pdf
Three major security goals promoted by ISC2 include which of the following?
a. Usability, integrity, and availability
b. Integrity, confidentiality, and authenticity
c. Accuracy, assurance, and accountability
d. Confidentiality, integrity, and availability

Answer: Integrity, confidentiality, and availability.
Confidentiality, integrity, and availability are often called the CIA triad.

Residual risk is calculated as which of the following?
a. Known risks minus unknown risks
b. Actual risks minus probable risks
c. Probable risks minus possible risks
d. Potential risks minus covered risks

Answer: Potential risks minus covered risks.
Potential risks include all possible and probable risks. Countermeasures cover some but not all potential risks.

Which of the following is the correct equation in risk management?
a. Risk management = Risk research + Risk analysis
b. Risk management = Risk analysis + Risk avoidance
c. Risk management = Risk assessment + Risk mitigation
d. Risk management = Risk transfer + Risk acceptance

Answer: Risk management = Risk assessment + Risk mitigation
Risk management includes risk assessment and risk mitigation. Risk assessment is also called risk analysis. Risk mitigation includes risk transfer, risk reduction, risk avoidance, and risk acceptance. Risk research is a part of risk analysis.
What can be done with the residual risk?
a. It can be either assigned or accepted
b. It can be either identified or evaluated
c. It can be either reduced or calculated
d. It can be either exposed or assessed

Answer: It can be either assigned or accepted.
Residual risk is the remaining risk after countermeasures (controls) cover the risk population. The residual risk is either assigned to a third party (e.g., an insurance company) or accepted by management as part of doing business. It may not be cost effective to further reduce residual risk.

Which of the following is not part of risk analysis?
a. Assets
b. Threats
c. Vulnerabilities
d. Countermeasures

Answer: Countermeasures
Countermeasures and safeguards come after performing risk analysis. Risk analysis identifies the risks to system security and determines the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Assets, threats, and vulnerabilities are part of the risk analysis exercise.

Unacceptable risk is which of the following?
1. Attacker's cost < gain
2. Loss anticipated > threshold
3. Attacker's cost > gain
4. Loss anticipated < threshold

Answer: 1 & 2
Unacceptable risk is a situation where an attacker's cost is less than the gain and where the loss anticipated by an organization is greater than its threshold level. Choice (d) results in accepting the risk. The organization's goals should be to increase an attacker's cost and to reduce the organization's loss.
Security safeguards and controls cannot do which of the following?
a. Risk reduction
b. Risk avoidance
c. Risk elimination
d. Risk analysis

Answer: Risk analysis
Risk analysis identifies the risks to system security and determines the probability of occurrence, the resulting impact, and the additional safeguards that mitigate this impact. Risk analysis is a management exercise performed before deciding on specific safeguards and controls. Choices (a), (b), and (c) are part of risk mitigation, which results from applying the selected safeguards and controls.

Selection and implementation of security controls refer to which of the following?
a. Risk analysis
b. Risk mitigation
c. Risk assessment
d. Risk management

Answer: Risk mitigation
Risk mitigation involves the selection and implementation of security controls to reduce risks to an acceptable level. Risk analysis is the same as risk assessment. Risk management includes both risk analysis and risk mitigation.

Which of the following is closely linked to risk acceptance?
a. Risk detection
b. Risk prevention
c. Risk tolerance
d. Risk correction

Answer: Risk tolerance
Risk tolerance is the level of risk an entity or a manager is willing to assume or accept in order to achieve a potential desired result. Some managers accept more risk than others due to their personal affinity toward risk.