Which of the following stakeholders are typically included as part of a line of defense within the three lines of defense model?

• A.Legal team
• B.Regulators
• C.Board of directors
• D.Vendors

Comment: *

Name: *

Email: *

Verification: *

Fred is the project manager of a large project in his organization. Fred needs to begin planning the risk management plan with the project team and key stakeholders. Which plan risk management process tool and technique should Fred use to plan risk management?

• A.Information gathering techniques
• B.Data gathering and representation techniques
• C.Planning meetings and analysis
• D.Variance and trend analysis

Correct Answer: C

Explanation/Reference:
Explanation:
There is only one tool and technique available for Fred to plan risk management: planning meetings and analysis. Planning Meeting and Analysis is a tool and technique in the Plan Risk Management process.
Planning meetings are organized by the project teams to develop the risk management plan. Attendees at these meetings include the following:
Project manager

Selected project team members

Stakeholders

Anybody in the organization with the task to manage risk planning

Sophisticated plans for conducting the risk management activities are defined in these meetings, responsibilities related to risk management are assigned, and risk contingency reserve application approaches are established and reviewed.
Incorrect Answers:
A, B, D: These are not plan risk management tools and techniques.

Comment: *

Name: *

Email: *

Verification: *

Who is BEST suited to determine whether a new control properly mitigates data loss risk within a system?

• A.Control owner
• B.Risk owner
• C.Data owner
• D.System owner

Comment: *

Name: *

Email: *

Verification: *

The maturity of an IT risk management program is MOST influenced by:

• A.the organization's risk culture
• B.industry-specific regulatory requirements
• C.benchmarking results against similar organizations
• D.expertise available within the IT department

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the PRIMARY focus of an IT risk awareness program?

• A.Cultivate long-term behavioral change.
• B.Ensure compliance with the organization's internal policies
• C.Demonstrate regulatory compliance.
• D.Communicate IT risk policy to the participants.

Comment: *

Name: *

Email: *

Verification: *