Study Flashcards

One advantage to benchmarking is that best practices change very little over time.

Correct Answer

When determining the relative importance of each asset, refer to the organization's mission statement or statement of objectives to determine which elements are essential, which are supportive, and which are merely adjuncts.

Correct Answer

To determine if the risk to an information asset is acceptable or not, you estimate the expected loss the organization will incur if the risk is exploited.

Correct Answer

The ____________________ risk control strategy attempts to eliminate or reduce any remaining uncontrolled risk through the application of additional controls and safeguards.

Correct Answer

The __________ is the difference between an organization's observed and desired performance.


A)  performance gap
B)  objective 
C)  issue delta
D)  risk assessment

Correct Answer

A data classification scheme is a formal access control methodology used to assign a level of availability to an information asset and thus restrict the number of people who can access it.

Correct Answer

False

Operational feasibility is also known as behavioral feasibility. _________________________

Correct Answer

A security clearance is a component of a data classification scheme that assigns a status level to systems to designate the maximum level of classified data that may be stored on them.

Correct Answer

Using the simplified information classification scheme outlined in the text, all information that has been approved by management for public release has a(n) ____________________ classification.

Correct Answer

external

The value of information to the organization's competition should influence the asset's valuation.

Correct Answer

When organizations adopt security measures for a legal defense, they may need to show that they have done what any prudent organization would do in similar circumstances. This is referred to as __________.


A)  baselining
B)  best practices 
C)  benchmarking
D)  standards of due care

Correct Answer

Management of classified data includes its storage and _________.


A)  distribution
B)  portability 
C)  destruction
D)  All of the above

Correct Answer

The mitigation control strategy attempts to reduce the impact of a successful attack through planning and preparation. _________________________

Correct Answer

In a cost-benefit analysis, a single loss expectancy (SLE) is the calculated value associated with the most likely loss from an attack; the SLE is the product of the asset's value and the annualized loss expectancy.

Correct Answer

In addition to their other responsibilities, the three communities of interest are responsible for determining which control options are cost effective for the organization.

Correct Answer

____________________ include information and the systems that use, store, and transmit information.

Correct Answer

Within a data classification scheme, "comprehensive" means that an information asset should fit in only one category.

Correct Answer

Behavioral feasibility is also known as ____________________.

Correct Answer

operational feasibility

Risk control is the application of controls that reduce the risks to an organization's information assets to an acceptable level.

Correct Answer

Residual risk is the risk that has not been removed, shifted, or planned for after vulnerabilities have been completely resolved.

Correct Answer
