A highly regulated organization acquired a medical technology startup company that processes sensitive personal information with weak data protection controls. Which of the following is the BEST way for the acquiring company to reduce its risk while still enabling the flexibility needed by the startup company?

• A.Have the data privacy officer review the startup company's data protection policies.
• B.Classify and protect the data according to the parent company's internal standards.
• C.Identify previous data breaches using the startup company's audit reports.
• D.Implement a firewall and isolate the environment from the parent company's network.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of GHT project. You identified a risk of noncompliance with regulations due to missing of a number of relatively simple procedures.
The response requires creating the missing procedures and implementing them. In which of the following risk response prioritization should this case be categorized?

• A.Business case to be made
• B.Quick win
• C.Risk avoidance
• D.Deferrals
• E.Explanation:
  This is categorized as a "quick win" because the allocation of existing resources or a minor resource investment provides measurable benefits. Quick win is very effective and efficient response that addresses medium to high risk.

Comment: *

Name: *

Email: *

Verification: *

Which of the following role carriers is accounted for analyzing risks, maintaining risk profile, and risk-aware decisions?

• A.Business management
• B.Business process owner
• C.Chief information officer (CIO)
• D.Chief risk officer (CRO)
• E.Explanation:
  Business management is the business individuals with roles relating to managing a program. They are typically accountable for analyzing risks, maintaining risk profile, and risk-aware decisions. Other than this, they are also responsible for managing risks, react to events, etc.

Comment: *

Name: *

Email: *

Verification: *

Which of the following activities should be performed FIRST when establishing IT risk management processes?

• A.Assess the goals and culture of the organization.
• B.Identify the risk appetite of the organization.
• C.Collect data of past incidents and lessons learned.
• D.Conduct a high-level risk assessment based on the nature of business.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to ensure that outsourced service providers comply with the enterprise's information security policy?

• A.Penetration testing
• B.Service level monitoring
• C.Security awareness training
• D.Periodic audits

Comment: *

Name: *

Email: *

Verification: *