Which of the following is the MOST important factor when deciding on a control to mitigate risk exposure?

• A.Relevance to the business process
• B.Cost-benefit analysis
• C.Regulatory compliance requirements
• D.Comparison against best practice

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be included in a risk assessment report to BEST facilitate senior management's understanding of the results?

• A.The possible impact of internal and external risk factors on the assessment results
• B.A risk heat map with a summary of risk identified and assessed
• C.Tools and techniques used by risk owners to perform the assessments
• D.Benchmarking parameters likely to affect the results

Comment: *

Name: *

Email: *

Verification: *

Who should have the authority to approve an exception to a control?

• A.information security manager
• B.Risk manager
• C.Risk owner
• D.Control owner

Comment: *

Name: *

Email: *

Verification: *

The risk associated with data loss from a website which contains sensitive customer information is BEST owned by:

• A.the business process owner
• B.the third-party website manager
• C.IT security
• D.the compliance manager

Comment: *

Name: *

Email: *

Verification: *

Which of the following characteristics of risk controls can be defined as under?
"The separation of controls in the production environment rather than the separation in the design and implementation of the risk"

• A.Trusted source
• B.Secure
• C.Distinct
• D.Independent

Comment: *

Name: *

Email: *

Verification: *