CRISC Questions With Answers 100% Correct
4 main objectives of Risk Governance
1. Establish and maintain a common risk view
2. Integrate Risk Management into the enterprise
3. Make risk-aware business decisions
4. Ensure that risk management controls are implemented and operating correctly
Governance answers 4 questions
1. Are we doing the right things?
2. Are we doing them the right way?
3. Are we getting them done well?
4. Are we getting the benefits?
The IT Risk Management Life Cycle
1. Identification
2. Assessment
3. Response and Mitigation
4. Monitoring and Reporting
The role of IT is to serve the business.
CSF stands for Critical Success Factor, such as the relationship between the Business Unit and Information Technology.
Business continuity starts where risk management ends
IS audit is an important part of corporate governance
NIST states that an organization must provide risk-based, cost-effective ... controls.
IT risk drives the selection of ____ and justifies the choice and operation of a _________.
control(s)
Control failure is when a control is not operating correctly, is the wrong control, is configured incorrectly, or is inadequate to address new threats.
Ways to determine IT project failure
1. Over budget
2. Over time allotted
3. Failure to meet customer needs and expectations
The success of the IT risk management effort is usually based on having an organization-wide perspective of risk, following a ________________________ structured methodology, and gathering correct information.
To be effective, risk management should be applied to:
A. those elements identified by a risk assessment.
B. any area that exceeds acceptable risk levels.
C. all organizational activities.
D. only those areas that have potential impact.
Answer: C. While not all organizational activities will pose an unacceptable risk, the practice of risk management is ideally applied to all organizational activities.
Which of the following is the BEST indicator that incident response training is effective?
A. Decreased reporting of security incidents to the incident response team
B. Increased reporting of security incidents to the incident response team
C. Decreased number of password resets
D. Increased number of identified system vulnerabilities
Answer: B. Increased reporting of incidents is a good indicator of user awareness, but increased reporting of valid incidents is the best