Which of the following controls will BEST detect unauthorized modification of data by a database administrator?

• A.Reviewing database access rights
• B.Reviewing changes to edit checks
• C.Comparing data to input records
• D.Reviewing database activity logs

Comment: *

Name: *

Email: *

Verification: *

The following is the snapshot of a recently approved IT risk register maintained by an organization's information security department.

After implementing countermeasures listed in ''Risk Response Descriptions'' for each of the Risk IDs, which of the following component of the register MUST change?

• A.Risk Impact Rating
• B.Risk Owner
• C.Risk Likelihood Rating
• D.Risk Exposure

Comment: *

Name: *

Email: *

Verification: *

A risk manager has determined there is excessive risk with a particular technology. Who is the BEST person to own the unmitigated risk of the technology?

• A.Chief risk officer
• B.Chief financial officer
• C.Business process owner
• D.IT system owner

Comment: *

Name: *

Email: *

Verification: *

You work as a project manager for BlueWell Inc. You are preparing to plan risk responses for your project with your team. How many risk response types are available for a negative risk event in the project?

• A.5
• B.7
• C.1
• D.4
• E.Explanation:
  Four risk response options are there to deal with negative risks or threats on the project objectives- avoid, transfer, mitigate, and accept. Risk avoidance Risk mitigation Risk transfer Risk acceptance

Comment: *

Name: *

Email: *

Verification: *

Which of the following are sub-categories of threat?
Each correct answer represents a complete solution. Choose three.

• A.Natural and supernatural
• B.Computer and user
• C.Natural and man-made
• D.Intentional and accidental
• E.External and internal

Correct Answer: C,D,E

Explanation/Reference:
Explanation:
A threat is any event which have the potential to cause a loss. In other word, it is any activity that represents a possible danger. The loss or danger is directly related to one of the following:
Loss of confidentiality- Someone sees a password or a company's secret formula, this is referred to as

loss of confidentiality. Loss of integrity- An e-mail message is modified in transit, a virus infects a file, or someone makes unauthorized changes to a Web site is referred to as loss of integrity.
Loss of availability- An e-mail server is down and no one has e-mail access, or a file server is down so

data files aren't available comes under loss of availability.
Threat identification is the process of creating a list of threats. This list attempts to identify all the possible threats to an organization. The list can be extensive.
Threats are often sub-categorized as under:
External or internal- External threats are outside the boundary of the organization. They can also be

thought of as risks that are outside the control of the organization. While internal threats are within the boundary of the organization. They could be related to employees or other personnel who have access to company resources. Internal threats can be related to any hardware or software controlled by the business.
Natural or man-made- Natural threats are often related to weather such as hurricanes, tornadoes, and

ice storms. Natural disasters like earthquakes and tsunamis are also natural threats. A human or man- made threat is any threat which is caused by a person. Any attempt to harm resources is a man-made threat. Fire could be man-made or natural depending on how the fire is started.
Intentional or accidental- An attempt to compromise confidentiality, integrity, or availability is intentional.

While employee mistakes or user errors are accidental threats. A faulty application that corrupts data could also be considered accidental.

Comment: *

Name: *

Email: *

Verification: *