441 Exam 3
The approach known as the avoidance strategy is more properly known as the __________ risk treatment strategy.
Defense
The ISO 27005 Standard for InfoSec Risk Management has a five-stage management methodology that includes risk treatment and risk communication.
True
In which technique does a group rate or rank a set of information, compile the results, and repeat until everyone is satisfied with the result?
Delphi
The criterion most commonly used when evaluating a strategy to implement InfoSec controls and safeguards is economic feasibility.
True
Also known as an economic feasibility study, the formal assessment and presentation of the economic expenditures needed for a particular security control, contrasted with its projected value to the organization, is known as __________.
cost-benefit analysis (CBA)
The __________ risk treatment strategy attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards in an effort to change the likelihood of a successful attack on an information asset.
Defense
Application of training and education among other approach elements is a common method of which risk treatment strategy?
Defense
The risk treatment strategy that attempts to shift risk to other assets, other processes, or other organizations is known as the defense risk treatment strategy. __________
False
Due care and due diligence occur when an organization adopts a certain minimum level of security—that is, what any prudent organization would do in similar circumstances.
True
In a cost-benefit analysis, the expected frequency of an attack expressed on a per-year basis is known as the annualized risk of likelihood. __________
False
What is the result of subtracting the postcontrol annualized loss expectancy and the annualized cost of the safeguard from the precontrol annualized loss expectancy?
cost-benefit analysis
The risk treatment strategy that indicates the organization is willing to accept the current level of risk and do nothing further to protect an information asset is known as the termination risk treatment strategy. ____________
False
Which of the following risk treatment strategies describes an organization's efforts to reduce damage caused by a realized incident or disaster?
mitigation
The __________ risk treatment strategy eliminates all risk associated with an information asset by removing it from service.
termination