Which of the following are the MOST important risk components that must be communicated among all the stakeholders?
Each correct answer represents a part of the solution. Choose three.

• A.Various risk response used in the project
• B.Expectations from risk management
• C.Current risk management capability
• D.Status of risk with regard to IT risk
• E.Explanation:
  The broad array of information and the major types of IT risk information that should be communicated are as follows: Expectations from risk management: They include risk strategy, policies, procedures, awareness training, uninterrupted reinforcement of principles, etc. This essential communication drives all subsequent efforts on risk management and sets the overall expectations from risk management. Current risk management capability: This allows monitoring of the status of the risk management engine in the enterprise. It is a key indicator for effective risk management and has predictive value for how well the enterprise is managing risk and reducing exposure. Status with regard to IT risk: This describes the actual status with regard to IT risk including information of risk profile of the enterprise, Key risk indicators (KRIs) to support management reporting on risk, event-loss data, root cause of loss events and options to mitigate risk.

Comment: *

Name: *

Email: *

Verification: *

Which among the following is the BEST reason for defining a risk response?

• A.To eliminate risk from the enterprise
• B.To ensure that the residual risk is within the limits of the risk appetite and tolerance
• C.To overview current status of risk
• D.To mitigate risk

Comment: *

Name: *

Email: *

Verification: *

What is the value of exposure factor if the asset is lost completely?

• A.1
• B.Infinity
• C.10
• D.0
• E.Explanation:
  Exposure Factor represents the impact of the risk over the asset, or percentage of asset lost. For
  example, if the Asset Value is reduced to two third, the exposure factor value is 0.66.
  Therefore, when the asset is completely lost, the Exposure Factor is 1.0.

Comment: *

Name: *

Email: *

Verification: *

After the implementation of internal of Things (IoT) devices, new risk scenarios were identified. What is the PRIMARY reason to report this information to risk owners?

• A.To reevaluate continued use to IoT devices
• B.The add new controls to mitigate the risk
• C.The recommend changes to the IoT policy
• D.To confirm the impact to the risk profile

Comment: *

Name: *

Email: *

Verification: *

A risk practitioner shares the results of a vulnerability assessment for a critical business application with the business manager. Which of the following is the NEXT step?

• A.Escalate the findings to senior management and internal audit.
• B.Develop a risk action plan to address the findings.
• C.Evaluate the impact of the vulnerabilities to the business application.
• D.Conduct a penetration test to validate the vulnerabilities from the findings.

Comment: *

Name: *

Email: *

Verification: *