Which of the following is MOST important to understand when determining an appropriate risk assessment approach?

• A.Management culture
• B.Threats and vulnerabilities
• C.Value of information assets
• D.Complexity of the IT infrastructure

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to have in place to ensure the effectiveness of risk and security metrics reporting?

• A.Organizational reporting process.
• B.Incident reporting procedures.
• C.Regularly scheduled audits.
• D.Incident management policy.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should management consider when selecting a risk mitigation option?

• A.Cost of control implementation
• B.Reliability of key risk indicators (KPIs)
• C.Reliability of key performance indicators (KPIs)
• D.Maturity of the enterprise architecture

Comment: *

Name: *

Email: *

Verification: *

Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level to the most mature level. Which of the following capability maturity levels shows that the enterprise does not recognize the need to consider the risk management or the business impact from IT risk?

• A.Level 2
• B.Level 0
• C.Level 3
• D.Level 1

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST beneficial as a key risk indicator (KRI)?

• A.Project cost variances
• B.Current capital allocation reserves
• C.Negative security return on investment (ROI)
• D.Annualized loss projections

Comment: *

Name: *

Email: *

Verification: *