What is the value of exposure factor if the asset is lost completely?

• A.1
• B.Infinity
• C.10
• D.0

Comment: *

Name: *

Email: *

Verification: *

Shawn is the project manager of the HWT project. In this project Shawn's team reports that they have found a way to complete the project work cheaply than what was originally estimated earlier. The project team presents a new software that will help to automate the project work. While the software and the associated training costs $25,000 it will save the project nearly $65,000 in total costs. Shawn agrees to the software and changes the project management plan accordingly. What type of risk response had been used by him?

• A.Avoiding
• B.Accepting
• C.Exploiting
• D.Enhancing

Comment: *

Name: *

Email: *

Verification: *

Which of the following laws applies to organizations handling health care information?

• A.GLBA
• B.HIPAA
• C.SOX
• D.FISMA
• E.Explanation:
  HIPAA handles health care information of an organization.
  The Health Insurance Portability and Accountability Act (HIPAA) were introduced in 1996. It
  ensures that health information data is protected. Before HIPAA, personal medical information was
  often available to anyone. Security to protect the data was lax, and the data was often misused.
  If your organization handles health information, HIPAA applies. HIPAA defines health information
  as any data that is created or received by health care providers, health plans, public health
  authorities, employers, life insurers, schools or universities, and health care clearinghouses.
  HIPAA defines any data that is related to the health of an individual, including past/present/future
  health, physical/mental health, and past/present/future payments for health care.
  Creating a HIPAA compliance plan involves following phases:
  Assessment: An assessment helps in identifying whether organization is covered by HIPAA. If it is,
  then further requirement is to identify what data is needed to protect.
  Risk analysis: A risk analysis helps to identify the risks. In this phase, analyzing method of
  handling data of organization is done.
  Plan creation: After identifying the risks, plan is created. This plan includes methods to reduce the
  risk.
  Plan implementation: In this plan is being implemented.
  Continuous monitoring: Security in depth requires continuous monitoring. Monitor regulations for
  changes. Monitor risks for changes.
  Monitor the plan to ensure it is still used.
  Assessment: Regular reviews are conducted to ensure that the organization remains in
  compliance.
• F.is incorrect. SOX designed to hold executives and board members personally
  responsible for financial data.
• G.is incorrect. GLBA is not used for handling health care information.

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the MOST useful information to determine risk exposure following control implementations?

• A.Risk escalation and process for communication
• B.Strategic plan and risk management integration
• C.Risk limits, thresholds, and indicators
• D.Policies, standards, and procedures

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to the integrity of a security log?

• A.Least privilege access
• B.Inability to edit
• C.Ability to overwrite
• D.Encryption

Comment: *

Name: *

Email: *

Verification: *