Which of the following is not a risk management technique?
A CBA is an effort to
Compare the impact of a realized risk to the economic risk associated with managing it
Which of the following is not a technique for mitigating vulnerabilities? Programming bugs
A DoS attack is a threat action affecting which IT domain?
To which of the following does HIPAA apply?
Health insurance companies
To which of the following does FERPA apply?
Which of the following standards contains eight principles specific to security? GAISP
Which of the following standards gives detailed descriptions of IT practices and comprehensive checklists, tasks, and procedures that can be tailored by IT organizations to fit their needs? ITIL
Which agency enforces SOX?
Which of the following is not a step in the risk control process? Risk identification
Which of the following is responsible for planning, budgeting, and performance of information system security? IT management
Who must make trade-off decisions regarding system security? System and information owners
Who develops appropriate training materials for risk management? Security awareness personnel
Which of the following is a goal of an organization's risk management? Ability to perform the mission
Which of the following is not a step in performing a RA?
Organizing company assets
Why is RA a good idea?
Which of the following is a type of RA?
Which of the following is not a threat?
Poor firewall configuration
What is scope?
Extent or range of view, outlook, application, operation, and effectiveness
Which of the following is a technique for identifying threats? Review historical data
Which of the following is an example of administrative control? Policies and procedures
Audits are part of what type of assessment?
Which of the following is a technical control?
Which of the following is a type of risk mitigation security control? Planned controls
Risk mitigation planning starts with which of the following? Asset inventory
Identifying the criticality of business operations is a step in which of the following processes? BIA
Which of the following documents identifies an expected level of performance between organizations? Service level agreements (SLA)
When reviewing R = T x V for any given scenario, and examining a previous employee (T) with a vulnerability (V) of interactive accounts that are not deleted, what is an effective countermeasure? Account management policy
Costs incurred in the reduction of risk often include what costs? Hidden
In risk management, MAO stands for?
Maximum acceptable outage
In a BIA, the loss of immediate sales and cash flow is an example of which of the following? Direct cost
Which of the following is the most important item when identifying recovery requirements? RTO
Preliminary system information, system points of contact (POC), system resources, critical roles, and tables linking and identifying resources can all be found in a ___? BIA report
TRUE or FALSE: A company meets its business objectives only if it has motivated employees and satisfied customers. False
Which of the following plans focuses on restoring and recovering IT function? DRP
Which of the following has a key objective to identify the CBFs as well as the critical processes supporting the CBFs? BIA
Which of the following determines the acceptable downtimes for CBFs, processes, and IT services in a BIA? MAO
Which of the following is a person who usually manages multiple BCP projects within a large organization? BCP program manager
EMT, DAT, TRT team members work on which of the following?
BCP and BIA
Critical success factors for DRP plans are?