Capability maturity models are the models that are used by the enterprise to rate itself in terms of the least mature level to the most mature level. Which of the following capability maturity levels shows that the enterprise does not recognize the need to consider the risk management or the business impact from IT risk?

• A.Level 2
• B.Level 0
• C.Level 3
• D.Level 1

Correct Answer: B

Explanation/Reference:
Explanation:
0 nonexistent: An enterprise's risk management capability maturity level is 0 when:
The enterprise does not recognize the need to consider the risk management or the business impact

from IT risk.
Decisions involving risk lack credible information.

Awareness of external requirements for risk management and integration with enterprise risk

management (ERM) do not exists.
Incorrect Answers:
A, C, D: These all are higher levels of capability maturity model and in this enterprise is mature enough to recognize the importance of risk management.

Comment: *

Name: *

Email: *

Verification: *

When prioritizing risk response, management should FIRST:

• A.evaluate the risk response of similar organizations.
• B.determine which risk factors have high remediation costs
• C.evaluate the organization s ability and expertise to implement the solution.
• D.address high risk factors that have efficient and effective solutions.

Comment: *

Name: *

Email: *

Verification: *

Which of the following operational risks ensures that the provision of a quality product is not overshadowed by the production costs of that product?

• A.Information security risks
• B.Contract and product liability risks
• C.Project activity risks
• D.Profitability operational risks

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements BEST describes policy?

• A.A minimum threshold of information security controls that must be implemented
• B.A checklist of steps that must be completed to ensure information security
• C.An overall statement of information security scope and direction
• D.A technology-dependent statement of best practices

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective inhibitor of relevant and efficient communication?

• A.A false sense of confidence at the top on the degree of actual exposure related to IT and lack of a well- understood direction for risk management from the top down
• B.The perception that the enterprise is trying to cover up known risk from stakeholders
• C.Existence of a blame culture
• D.Misalignment between real risk appetite and translation into policies

Comment: *

Name: *

Email: *

Verification: *