Security Program Integration Professional Certification / 2023 solved

1. What is the purpose of the asset assessment step of the risk management process?: • Identify assets requiring protection and/or that are important to the organization and to national security Identify undesirable events and expected impacts • Prioritize assets based on consequences of loss 2. What is the purpose of the threat assessment step of the risk management process?: • Determine threats to identified assets • Assess intent and capability of identified threats • Assess current threat level for the identified assets 3. What is the purpose of the vulnerability assessment step of the risk management process?: • Identify existing countermeasures and their level of effectiveness in reducing vulnerabilities • Identify potential vulnerabilities related to identified assets and their undesirable events • Identify current vulnerability level for the identified assets that can be exploited by the identified threats 4. What is the purpose of the risk assessment step of the risk management process?: • Integrate information about the impact of undesirable events (collect- ed during the asset assessment step) and the likelihood of undesirable events (based on information collected during the threat and vulnerability assessment steps) to determine risks to identified assets 5. What is the purpose of the countermeasure determination step of the risk management process?: • Identify potential countermeasures to reduce vulnera- bility and/or threat and/or impact • Identify countermeasure benefits in terms of risk reduction • Identify countermeasure costs • Conduct cost/benefit analysis • Prioritize options and prepare recommendation for decision maker 6. What is the primary benefit of conducting the risk management process?: • National-level security policy endorses a holistic risk management approach, al- lowing decision makers to effectively allocate resources that provide the necessary security to assets that match the threat to those assets 7. What are the primary costs of conducting the risk management process?: • Time and effort necessary to execute the five steps of the risk management process 8. What are the potential challenges security practitioners may face when enacting the risk management process?: • Availability of information necessary to accurately determine the likelihood and impact of undesirable events 9. Where can we get information to evaluate an organization's compliance with security policies?: • Self-inspections 10. Where can we get information to evaluate the effectiveness of an organi- zation's security program?: • Incident reports • Regressive analysis • SME interviews (individuals involved in protecting Classified Military Information (CMI)) • Security planning documents • Surveys and audits • Information Systems (IS) Certification and Accreditation documentation • Facility certification and accreditation documentation 11. Given the incident, what is an example of an organization complying with security policy, but the measure(s) it implemented appear to be ineffective?: • The appropriate signage and notices are posted in appropriate areas, but are potentially ineffective considering a history of uncleared personnel gaining access to restricted areas.