Which of the following is the FIRST step when conducting a business impact analysis (BIA)?

• A.Identifying events impacting continuity of operations;
• B.Creating a data classification scheme
• C.Identifying critical information assets
• D.Analyzing previous risk assessment results

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of your enterprise. You have introduced an intrusion detection system for the control. You have identified a warning of violation of security policies of your enterprise. What type of control is an intrusion detection system (IDS)?

• A.Detective
• B.Corrective
• C.Preventative
• D.Recovery
• E.Explanation:
  An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station. Some systems may attempt to stop an intrusion attempt but this is neither required nor expected of a monitoring system. Intrusion detection and prevention systems (IDPS) are primarily focused on identifying possible incidents, logging information about them, and reporting attempts. In addition, organizations use IDPS for other purposes,such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies. As IDS detects and gives warning when the violation of security policies of the enterprise occurs, it is a detective control.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the FIRST step when developing a business case to drive the adoption of a risk remediation project by senior management?

• A.Identifying the objectives
• B.Calculating the cost
• C.Determining the stakeholders
• D.Analyzing cost-effectiveness

Comment: *

Name: *

Email: *

Verification: *

An interruption in business productivity is considered as which of the following risks?

• A.Reporting risk
• B.Operational risk
• C.Legal risk
• D.Strategic risk

Correct Answer: B

Explanation/Reference:
Explanation:
Operation risks encompass any potential interruption in business. Operational risks are those risk that are associated with the day-to-day operations of the enterprise. They are generally more detailed as compared to strategic risks. It is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Some sub-categories of operational risks include:
Organizational or management related risks

Information security risks

Production, process, and productivity risks

Profitability operational risks

Business interruption risks

Project activity risks

Contract and product liability risks

Incidents and crisis

Illegal or malicious acts

Incorrect Answers:
A: Reporting risks are those occurrences which prevent accurate and timely reporting.
C: Legal risks are dealing with those events which can deteriorate the company's legal status. Legal compliance is the process or procedure to ensure that an organization follows relevant laws, regulations and business rules. The definition of legal compliance, especially in the context of corporate legal departments, has recently been expanded to include understanding and adhering to ethical codes within entire professions, as well. Hence legal and compliance risk has the potential to deteriorate company's legal or regulatory status.
D: Strategic risks have potential which breaks in obtaining strategic objectives. Since the strategic objective will shape and impact the entire organization, the risk of not meeting that objective can impose a great threat on the organization.

Comment: *

Name: *

Email: *

Verification: *

Which of the following terms is described in the statement below?
"They are the prime monitoring indicators of the enterprise, and are highly relevant and possess a high probability of predicting or indicating important risk."

• A.Key risk indicators
• B.Lag indicators
• C.Lead indicators
• D.Risk indicators

Comment: *

Name: *

Email: *

Verification: *