Which of the following BEST measures the efficiency of an incident response process?

• A.Number of incidents lacking responses
• B.Number of incidents escalated to management
• C.Average time between changes and updating of escalation matrix
• D.Average gap between actual and agreed response times

Comment: *

Name: *

Email: *

Verification: *

Which of the following approaches would BEST help to identify relevant risk scenarios?

• A.Escalate the situation to risk leadership
• B.Engage internal audit for risk assessment workshops
• C.Review system and process documentation
• D.Engage line management in risk assessment workshops

Comment: *

Name: *

Email: *

Verification: *

The BEST way to justify the risk mitigation actions recommended in a risk assessment would be to:

• A.focus on the business drivers
• B.reference best practice
• C.benchmark with competitor's actions
• D.align with audit results

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST helpful in aligning IT risk with business objectives?

• A.Introducing an approved IT governance framework
• B.Integrating the results of top-down risk scenario analyses
• C.Performing a business impact analysis (BlA)
• D.Implementing a risk classification system

Comment: *

Name: *

Email: *

Verification: *

To which level the risk should be reduced to accomplish the objective of risk management?

• A.To a level where ALE is lower than SLE
• B.To a level where ARO equals SLE
• C.To a level that an organization can accept
• D.To a level that an organization can mitigate
• E.Explanation:
  The main objective of risk management is to reduce risk to a level that the organization or company will accept, as the risk can never be completely eliminated.

Comment: *

Name: *

Email: *

Verification: *