Which of the following should be PRIMARILY considered while designing information systems controls?

• A.The IT strategic plan
• B.The existing IT environment
• C.The organizational strategic plan
• D.The present IT budget
• E.Explanation:
  Review of the enterprise's strategic plan is the first step in designing effective IS controls that
  would fit the enterprise's long-term plans.
• F.is incorrect. Review of the existing IT environment is also useful and necessary but is
  not the first step that needs to be undertaken.
• G.is incorrect. The present IT budget is just one of the components of the strategic plan.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST helpful in identifying gaps between the current and desired state of the IT risk environment?

• A.Reviewing guidance from industry best practices and standards
• B.Evaluating risk scenarios and assessing current controls
• C.Analyzing risk appetite and tolerance levels
• D.Assessing identified risk and recording results in the risk register

Comment: *

Name: *

Email: *

Verification: *

Suppose you are working in Techmart Inc. which sells various products through its website. Due to some recent losses, you are trying to identify the most important risks to the Website. Based on feedback from several experts, you have come up with a list. You now want to prioritize these risks. Now in which category you would put the risk concerning the modification of the Website by unauthorized parties.

• A.Ping Flooding Attack
• B.Web defacing
• C.Denial of service attack
• D.FTP Bounce Attack

Comment: *

Name: *

Email: *

Verification: *

A web-based service provider with a low risk appetite for system outages is reviewing its current risk profile for online security. Which of the following observations would be MOST relevant to escalate to senior management?

• A.An increase in attempted distributed denial of service (DDoS) attacks
• B.An increase in attempted website phishing attacks
• C.A decrease in remediated web security vulnerabilities
• D.A decrease in achievement of service level agreements (SLAs)

Comment: *

Name: *

Email: *

Verification: *

In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities.
The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:

• A.continuous data backup controls.
• B.encryption for data at rest.
• C.encryption for data in motion.
• D.two-factor authentication.

Comment: *

Name: *

Email: *

Verification: *