Computer Security: Principles and
Practice (4th) Ch. 14 Security
Management & Risk Assessment
Question and answers rated A+
2025/2026
Asset - correct answer ✔A system resource or capability of value to its owner that requires protection.
Consequence - correct answer ✔A Risk Analysis specification that indicates the impact on the
organization should a particular threat actually eventuate.
Control - correct answer ✔A management, operational, and technical process and procedure that act
to reduce the exposure of the organization to some risk by reducing the ability of a threat source to
exploit some vulnerability.
IT security management - correct answer ✔The formal process used to develop and maintain
appropriate levels of computer security for an organization's asset, by preserving their confidentiality,
integrity, availability, authenticity, and reliability.
Level of risk - correct answer ✔A Risk Analysis metric that is typically determined after likelihood and
consequence of each threat have been identified, and is given values (e.g. insignificant, minor,
moderate, major, catastrophic, & doomsday) that details the risk the risk level assigned to each
combination.
Likelihood - correct answer ✔A Risk Analysis metric that quantifies the likelihood that an identified
threat could occur and cause harm to some asset.
Practice (4th) Ch. 14 Security
Management & Risk Assessment
Question and answers rated A+
2025/2026
Asset - correct answer ✔A system resource or capability of value to its owner that requires protection.
Consequence - correct answer ✔A Risk Analysis specification that indicates the impact on the
organization should a particular threat actually eventuate.
Control - correct answer ✔A management, operational, and technical process and procedure that act
to reduce the exposure of the organization to some risk by reducing the ability of a threat source to
exploit some vulnerability.
IT security management - correct answer ✔The formal process used to develop and maintain
appropriate levels of computer security for an organization's asset, by preserving their confidentiality,
integrity, availability, authenticity, and reliability.
Level of risk - correct answer ✔A Risk Analysis metric that is typically determined after likelihood and
consequence of each threat have been identified, and is given values (e.g. insignificant, minor,
moderate, major, catastrophic, & doomsday) that details the risk the risk level assigned to each
combination.
Likelihood - correct answer ✔A Risk Analysis metric that quantifies the likelihood that an identified
threat could occur and cause harm to some asset.
