Security Program Integration Professional
Certification (SPIPC) Questions with Definitive
Solutions.
What are the primary costs of conducting the risk management process? - Answer: • Time and
effort necessary to execute the five steps of the risk management process
What are the potential challenges security practitioners may face when enacting the risk
management process? - Answer: • Availability of information necessary to accurately determine
the likelihood and impact of undesirable events
Where can we get information to evaluate an organization's compliance with security policies? -
Answer: • Self-inspections
Where can we get information to evaluate the effectiveness of an organization's security
program? - Answer: • Incident reports
• Regressive analysis
• SME interviews (individuals involved in protecting Classified Military Information (CMI))
Page 1 of 6
, • Security planning documents
• Surveys and audits
• Information Systems (IS) Certification and Accreditation documentation
• Facility certification and accreditation documentation
Given the incident, what is an example of an organization complying with security policy, but
the measure(s) it implemented appear to be ineffective? - Answer: • The appropriate signage
and notices are posted in appropriate areas, but are potentially ineffective considering a history
of uncleared personnel gaining access to restricted areas.
How do security policies and programs contribute to managing risks to Department of Defense
(DoD) assets? - Answer: • Security policies manage risks to DoD assets by specifying baseline
requirements for protecting categories of DoD assets, and by identifying who is responsible and
accountable for executing those requirements.
• Security programs manage risks to DoD assets by administering those security policies and
ensuring hose baseline requirements are being executed per policy.
What is the purpose of the asset assessment
step of the risk management process? - Answer: • Identify assets requiring protection and/or
that are important to the organization and to national security
• Identify undesirable events and expected impacts
• Prioritize assets based on consequences of loss
What is the purpose of the threat assessment
step of the risk management process? - Answer: • Determine threats to identified assets
• Assess intent and capability of identified threats
• Assess current threat level for the identified assets
What is the purpose of the vulnerability
Page 2 of 6
Certification (SPIPC) Questions with Definitive
Solutions.
What are the primary costs of conducting the risk management process? - Answer: • Time and
effort necessary to execute the five steps of the risk management process
What are the potential challenges security practitioners may face when enacting the risk
management process? - Answer: • Availability of information necessary to accurately determine
the likelihood and impact of undesirable events
Where can we get information to evaluate an organization's compliance with security policies? -
Answer: • Self-inspections
Where can we get information to evaluate the effectiveness of an organization's security
program? - Answer: • Incident reports
• Regressive analysis
• SME interviews (individuals involved in protecting Classified Military Information (CMI))
Page 1 of 6
, • Security planning documents
• Surveys and audits
• Information Systems (IS) Certification and Accreditation documentation
• Facility certification and accreditation documentation
Given the incident, what is an example of an organization complying with security policy, but
the measure(s) it implemented appear to be ineffective? - Answer: • The appropriate signage
and notices are posted in appropriate areas, but are potentially ineffective considering a history
of uncleared personnel gaining access to restricted areas.
How do security policies and programs contribute to managing risks to Department of Defense
(DoD) assets? - Answer: • Security policies manage risks to DoD assets by specifying baseline
requirements for protecting categories of DoD assets, and by identifying who is responsible and
accountable for executing those requirements.
• Security programs manage risks to DoD assets by administering those security policies and
ensuring hose baseline requirements are being executed per policy.
What is the purpose of the asset assessment
step of the risk management process? - Answer: • Identify assets requiring protection and/or
that are important to the organization and to national security
• Identify undesirable events and expected impacts
• Prioritize assets based on consequences of loss
What is the purpose of the threat assessment
step of the risk management process? - Answer: • Determine threats to identified assets
• Assess intent and capability of identified threats
• Assess current threat level for the identified assets
What is the purpose of the vulnerability
Page 2 of 6
