Which of the following is prepared by the business and serves as a starting point for producing the IT Service Continuity Strategy?

• A.Business Continuity Strategy
• B.Index of Disaster-Relevant Information
• C.Disaster Invocation Guideline
• D.Availability/ ITSCM/ Security Testing Schedule

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY advantage of implementing an IT risk management framework is the:

• A.establishment of a reliable basis for risk-aware decision making.
• B.compliance with relevant legal and regulatory requirements.
• C.alignment of business goals with IT objectives.
• D.improvement of controls within the organization and minimized losses.

Comment: *

Name: *

Email: *

Verification: *

An organization has outsourced its IT security operations to a third party. Who is ULTIMATELY accountable for the risk associated with the outsourced operations?

• A.The organization's vendor management office
• B.The organization's management
• C.The control operators at the third party
• D.The third party's management

Comment: *

Name: *

Email: *

Verification: *

Your project has several risks that may cause serious financial impact if they occur. You have studied the risk events and made some potential risk responses for the risk events but management wants you to do more. They'd like you to create some type of a chart that identified the risk probability and impact with a financial amount for each risk event. What is the likely outcome of creating this type of chart?

• A.Risk response plan
• B.Contingency reserve
• C.Risk response
• D.Quantitative analysis
• E.Explanation:
  This chart is a probability-impact matrix in a quantitative analysis process. The probability and financial impact of each risk is learned through research, testing, and subject matter experts. The probability of the event is multiplied by the financial impact to create a risk event value for each risk. The sum of the risk event values will lead to the contingency reserve for the project.
• F.is incorrect. The risk responses are needed but this chart doesn't help the project
  manager to create them.
• G.is incorrect. The risk response plan is based on the risk responses, not the risk
  probability-impact matrix.

Comment: *

Name: *

Email: *

Verification: *

Risks to an organization's image are referred to as what kind of risk?

• A.Operational
• B.Financial
• C.Information
• D.Strategic

Correct Answer: D

Explanation/Reference:
Explanation:
Strategic risks are those risks which have potential outcome of not fulfilling on strategic objectives of the organization as planned. Since the strategic objective will shape and impact the entire organization, the risk of not meeting that objective can impose a great threat on the organization.
Strategic risks can be broken down into external and internal risks:
External risks are those circumstances from outside the enterprise which will have a potentially

damaging or helpful impact on the enterprise. These risks include sudden change of economy, industry, or regulatory conditions. Some of the external risks are predictable while others are not. For instance, a recession may be predictable and the enterprise may be able to hedge against the dangers economically; but the total market failure may not as predictable and can be much more devastating.
Internal risks usually focus on the image or reputation of the enterprise. some of the risks that are

involved in this are public communication, trust, and strategic agreement from stakeholders and customers.

Comment: *

Name: *

Email: *

Verification: *