Which of the following should be the PRIMARY goal of developing information security metrics?

• A.Enabling continuous improvement
• B.Raising security awareness
• C.Ensuring regulatory compliance
• D.Identifying security threats

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important requirement for monitoring key risk indicators (KRls) using log analysis?

• A.Obtaining logs m an easily readable format
• B.Collecting logs from the entire set of IT systems
• C.Providing accurate logs m a timely manner
• D.implementing an automated log analysis tool

Comment: *

Name: *

Email: *

Verification: *

Which of the following is BEST described by the definition below?
"They are heavy influencers of the likelihood and impact of risk scenarios and should be taken into account during every risk analysis, when likelihood and impact are assessed."

• A.Obscure risk
• B.Risk factors
• C.Risk analysis
• D.Risk event
• E.Explanation:
  Risk factors are those features that influence the likelihood and/or business impact of risk
  scenarios. They have heavy influences on probability and impact of risk scenarios. They should be
  taken into account during every risk analysis, when likelihood and impact are assessed.
• F.is incorrect. A risk analysis involves identifying the most probable threats to an
  organization and analyzing the related vulnerabilities of the organization to these threats. A risk
  from an organizational perspective consists of:
  Threats to various processes of organization.
  Threats to physical and information assets.
  Likelihood and frequency of occurrence from threat.
  Impact on assets from threat and vulnerability.
  Risk analysis allows the auditor to do the following tasks:
  Identify threats and vulnerabilities to the enterprise and its information system.
  Provide information for evaluation of controls in audit planning.
  Aids in determining audit objectives.
  Supporting decision based on risks.
• G.is incorrect. The enterprise must consider risk that has not yet occurred and should
  develop scenarios around unlikely, obscure or non-historical events.
  Such scenarios can be developed by considering two things:
  Visibility
  Recognition
  For the fulfillment of this task enterprise must:
  Be in a position that it can observe anything going wrong
  Have the capability to recognize an observed event as something wrong

Comment: *

Name: *

Email: *

Verification: *

John works as a project manager for BlueWell Inc. He is determining which risks can affect the project. Which of the following inputs of the identify risks process is useful in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk?

• A.Activity duration estimates
• B.Activity cost estimates
• C.Risk management plan
• D.Schedule management plan
• E.Explanation:
  The activity duration estimates review is valuable in identifying risks associated to the time allowances for the activities or projects as a whole, with a width of the range indicating the degrees of risk.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST appropriate method to evaluate the potential impact of legal, regulatory, and contractual requirements on business objectives?

• A.Communication with business process stakeholders
• B.Compliance-oriented business impact analysis
• C.Compliance-oriented gap analysis
• D.Mapping of compliance requirements to policies and procedures
• E.Explanation:
  A compliance-oriented BIA will identify all the compliance requirements to which the enterprise has
  to align and their impacts on business objectives and activities. It is a discovery process meant to
  uncover the inner workings of any process. Hence it will also evaluate the potential impact of legal,
  regulatory, and contractual requirements on business objectives.
• F.is incorrect. Mapping of compliance requirements to policies and procedures will
  identify only the way the compliance is achieved but not the business impact.
• G.is incorrect. Communication with business process stakeholders is done so as to
  identify the business objectives, but it does not help in identifying impacts.

Comment: *

Name: *

Email: *

Verification: *