When evaluating enterprise IT risk management it is MOST important to:

• A.create new control processes to reduce identified IT risk scenarios
• B.review alignment with the organization's investment plan
• C.confirm the organization s risk appetite and tolerance
• D.report identified IT risk scenarios to senior management

Comment: *

Name: *

Email: *

Verification: *

An organization's HR department has implemented a policy requiring staff members to take a minimum of five consecutive days leave per year to mitigate the risk of malicious insider activities. Which of the following is the BEST key performance indicator (KPI) of the effectiveness of this policy?

• A.Financial loss incurred due to malicious activities during staff members' leave
• B.Percentage of staff members seeking exception to the policy
• C.Number of malicious activities occurring during staff members' leave
• D.Percentage of staff members taking leave according to the policy

Comment: *

Name: *

Email: *

Verification: *

You are the risk control professional of your enterprise. You have implemented a tool that correlates information from multiple sources. To which of the following do this monitoring tool focuses?

• A.Transaction data
• B.Process integrity
• C.Configuration settings
• D.System changes

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an administrative control?

• A.Water detection
• B.Reasonableness check
• C.Data loss prevention program
• D.Session timeout

Comment: *

Name: *

Email: *

Verification: *

Who is BEST suited to determine whether a new control properly mitigates data loss risk within a system?

• A.Control owner
• B.Risk owner
• C.Data owner
• D.System owner

Comment: *

Name: *

Email: *

Verification: *