Which of the following will BEST help ensure that risk factors identified during an information systems review are addressed?

• A.Informing business process owners of the risk
• B.Assigning action items and deadlines to specific individuals
• C.Reviewing and updating the risk register
• D.Implementing new control technologies

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST key performance indicator (KPI) to measure the maturity of an organization's security incident handling process?

• A.The number of recurring security incidents
• B.The number of security incidents escalated to senior management
• C.The number of newly identified security incidents
• D.The number of resolved security incidents

Comment: *

Name: *

Email: *

Verification: *

Which of the following would prompt changes in key risk indicator (KRI) thresholds?

• A.Changes in risk appetite or tolerance
• B.Modification to risk categories
• C.Knowledge of new and emerging threats
• D.Changes to the risk register

Comment: *

Name: *

Email: *

Verification: *

What is the IMMEDIATE step after defining set of risk scenarios?

• A.Risk mitigation
• B.Risk monitoring
• C.Risk management
• D.Risk analysis
• E.Explanation:
  Once the set of risk scenarios is defined, it can be used for risk analysis. In risk analysis, likelihood and impact of the scenarios are assessed. Important components of this assessment are the risk factors.

Comment: *

Name: *

Email: *

Verification: *

Which of the following MUST be assessed before considering risk treatment options for a scenario with significant impact?

• A.Risk magnitude
• B.Incident probability
• C.Cost-benefit analysis
• D.Risk appetite

Comment: *

Name: *

Email: *

Verification: *