Which of the following indicates an organization follows IT risk management best practice?

• A.The risk register is regularly updated.
• B.All fields in the risk register have been completed.
• C.Controls are listed against risk entries in the register.
• D.The risk register template uses an industry standard.

Comment: *

Name: *

Email: *

Verification: *

The BEST control to mitigate the risk associated with project scope creep is to:

• A.consult with senior management on a regular basis
• B.apply change management procedures
• C.ensure extensive user involvement
• D.deploy CASE tools in software development

Comment: *

Name: *

Email: *

Verification: *

When of the following 15 MOST important when developing a business case for a proposed security investment?

• A.Consideration of new business strategies
• B.identification of control requirements
• C.inclusion of strategy for regulatory compliance
• D.Alignment to business objectives

Comment: *

Name: *

Email: *

Verification: *

Which of the following steps ensure effective communication of the risk analysis results to relevant stakeholders? Each correct answer represents a complete solution. Choose three.

• A.The results should be reported in terms and formats that are useful to support business decisions
• B.Provide decision makers with an understanding of worst-case and most probable scenarios,due diligence exposures and significant reputation, legal or regulatory considerations
• C.Communicate the negative impacts of the events only, it needs more consideration
• D.Communicate the risk-return context clearly
• E.Explanation:
  The result of risk analysis process is being communicated to relevant stakeholders. The steps that are involved in communication are: The results should be reported in terms and formats that are useful to support business decisions. Coordinate additional risk analysis activity as required by decision makers, like reportrejection and scope adjustment Communicate the risk-return context clearly, which include probabilities of loss and/or gain, ranges, and confidence levels (if possible) that enable management to balance risk-return. Identify the negative impacts of events that drive response decisions as well as positive impacts of events that represent opportunities which should channel back into the strategy and objective setting process. Provide decision makers with an understanding of worst-case and most probable scenarios, due diligence exposures and significant reputation, legal or regulatory considerations.

Comment: *

Name: *

Email: *

Verification: *

Which of the following are the principles of access controls?
Each correct answer represents a complete solution. Choose three.

• A.Confidentiality
• B.Availability
• C.Reliability
• D.Integrity

Comment: *

Name: *

Email: *

Verification: *