CH.8 Risk Management: identifying and assessing risk (Well-enlightened)

In any well-developed risk management program, two formal processes are at work correct answers Risk identification and assessment Risk control Information security departments are created correct answers primarily to manage IT risk Managing risk correct answers is one of the key responsibilities of every manager within the organization Sun Tzu correct answers "If you know the enemy and know yourself, you need not fear the result of a hundred battles If you know yourself but not the enemy, for every victory gained you will also suffer a defeat If you know neither the enemy nor yourself, you will succumb in every battle" Knowing Yourself correct answers Identifying, examining and understanding the information and how it is processed, stored, and transmitted Armed with this knowledge, one can initiate an in-depth risk management program Risk management is a process correct answers Safeguards and controls that are devised and implemented are not install-and-forget devices Knowing the Enemy correct answers Identifying, examining, and understanding the threats facing the organization's information assets -Must fully identify those threats that pose risks to the organization and the security of its information assets Risk management correct answers The process of assessing the risks to an organization's information and determining how those risks can be controlled or mitigated Accountability for Risk Management correct answers Communities of interest must work together Evaluating the risk controls Determining which control options are cost-effective Acquiring or installing the appropriate controls Overseeing processes to ensure that the controls remain effective Identifying risks Assessing risks Summarizing the findings Risk Identification correct answers Risk identification begins with the process of self-examination -Managers identify the organization's information assets