The PRIMARY benefit of maintaining an up-to-date risk register is that it helps to:

• A.ensure business unit risk uniformly distributed
• B.build a risk profile for management review
• C.quantify the organization's risk appetite
• D.implement uniform controls for common risk scenarios

Comment: *

Name: *

Email: *

Verification: *

You are working in an enterprise. You project deals with important files that are stored on the computer.
You have identified the risk of the failure of operations. To address this risk of failure, you have guided the system administrator sign off on the daily backup. This scenario is an example of which of the following?

• A.Risk avoidance
• B.Risk transference
• C.Risk acceptance
• D.Risk mitigation

Correct Answer: D

Explanation/Reference:
Explanation:
Mitigation is the strategy that provides for the definition and implementation of controls to address the risk described. Here in this scenario, you are trying to reduce the risk of operation failure by guiding administrator to take daily backup, hence it is risk mitigation.
Risk mitigation attempts to reduce the probability of a risk event and its impacts to an acceptable level.
Risk mitigation can utilize various forms of control carefully integrated together. The main control types are:
Managerial(e.g.,policies)

Technical (e.g., tools such as firewalls and intrusion detection systems)

Operational (e.g., procedures, separation of duties)

Preparedness activities

Incorrect Answers:
A: The scenario does not describe risk avoidance. Avoidance is a strategy that provides for not implementing certain activities or processes that would incur risk.
B: The scenario does not describe the sharing of risk. Transference is the strategy that provides for sharing risk with partners or taking insurance coverage.
C: The scenario does not describe risk acceptance, Acceptance is a strategy that provides for formal acknowledgment of the existence of a risk and the monitoring of that risk.

Comment: *

Name: *

Email: *

Verification: *

A risk practitioner is organizing risk awareness training for senior management. Which of the following is the MOST important topic to cover in the training session?

• A.Senior management allocation of risk management resources
• B.The organizations risk appetite and tolerance
• C.The organization's strategic risk management projects
• D.Senior management roles and responsibilities

Comment: *

Name: *

Email: *

Verification: *

Which of the following business requirements MOST relates to the need for resilient business and information systems processes?

• A.Confidentiality
• B.Effectiveness
• C.Integrity
• D.Availability
• E.Explanation:
  Availability relates to information being available when required by the business process in present as well as in future. Resilience is the ability to provide and maintain an acceptable level of service during disasters or when facing operational challenges. Hence they are most closely related.

Comment: *

Name: *

Email: *

Verification: *

An effective control environment is BEST indicated by controls that:

• A.minimize senior management's risk tolerance
• B.manage risk within the organization's risk appetite
• C.are cost-effective to implement
• D.reduce the thresholds of key risk indicators (KRIs)

Comment: *

Name: *

Email: *

Verification: *