What should be PRIMARILY responsible for establishing an organization's IT risk culture?

• A.Risk management
• B.IT management
• C.Business process owner
• D.Executive management

Comment: *

Name: *

Email: *

Verification: *

During which of the following processes, probability and impact matrix are prepared?

• A.Risk response
• B.Monitoring and Control Risk
• C.Quantitative risk assessment
• D.Qualitative risk assessment

Comment: *

Name: *

Email: *

Verification: *

An IT risk practitioner is evaluating an organization's change management controls over the last six months.
The GREATEST concern would be an increase in:

• A.number of user stories approved for implementation.
• B.change-related exceptions per month.
• C.rolled back changes below management's thresholds.
• D.the average implementation time for changes.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST help identify the owner for each risk scenario in a risk register?

• A.Mapping identified risk factors to specific business processes
• B.Allocating responsibility for risk factors equally to asset owners
• C.Determining which departments contribute most to risk
• D.Determining resource dependency of assets

Comment: *

Name: *

Email: *

Verification: *

To which level the risk should be reduced to accomplish the objective of risk management?

• A.To a level where ALE is lower than SLE
• B.To a level where ARO equals SLE
• C.To a level that an organization can accept
• D.To a level that an organization can mitigate

Comment: *

Name: *

Email: *

Verification: *