Which of the following assets are the examples of intangible assets of an enterprise?
Each correct answer represents a complete solution. Choose two.

• A.Customer trust
• B.Information
• C.People
• D.Infrastructure

Comment: *

Name: *

Email: *

Verification: *

Who should be PRIMARILY responsible for establishing an organization's IT risk culture?

• A.Executive management
• B.Risk management
• C.Business process owner
• D.IT management

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements describes the relationship between key risk indicators (KRIs) and key control indicators (KCIs)?

• A.KRI design must precede definition of KCIs.
• B.Both KRIs and KCIs provide insight to potential changes in the level of risk.
• C.KCIs and KRIs are independent indicators and do not impact each other.
• D.A decreasing trend of KRI readings will lead to changes to KCIs.

Comment: *

Name: *

Email: *

Verification: *

Who should be responsible for implementing and maintaining security controls?

• A.Data custodian
• B.End user
• C.Data owner
• D.Internal auditor

Comment: *

Name: *

Email: *

Verification: *

During testing, a risk practitioner finds the IT department's recovery time objective (RTO) for a key system does not align with the enterprise's business continuity plan (BCP). Which of the following should be done NEXT?

• A.Consult with the IT department to update the RTO
• B.Report the gap to senior management
• C.Consult with the business owner to update the BCP
• D.Complete a risk exception form.

Comment: *

Name: *

Email: *

Verification: *