The risk associated with data loss from a website which contains sensitive customer information is BEST owned by:

• A.the compliance manager
• B.the third-party website manager
• C.the business process owner
• D.IT security

Comment: *

Name: *

Email: *

Verification: *

What type of policy would an organization use to forbid its employees from using organizational e-mail for personal use?

• A.Anti-harassment policy
• B.Acceptable use policy
• C.Intellectual property policy
• D.Privacy policy

Comment: *

Name: *

Email: *

Verification: *

Which of the following would provide the MOST helpful input to develop risk scenarios associated with hosting an organization's key IT applications in a cloud environment?

• A.Reviewing the results of independent audits
• B.Performing a site visit to the cloud provider's data center
• C.Performing a due diligence review
• D.Conducting a risk workshop with key stakeholders

Comment: *

Name: *

Email: *

Verification: *

Which of the following techniques would be used during a risk assessment to demonstrate to stakeholders that all known alternatives were evaluated?

• A.Control chart
• B.Decision tree
• C.Sensitivity analysis
• D.Trend analysis

Comment: *

Name: *

Email: *

Verification: *

A service provider is managing a client's servers. During an audit of the service, a noncompliant control is discovered that will not be resolved before the next audit because the client cannot afford the downtime required to correct the issue. The service provider's MOST appropriate action would be to:

• A.develop a risk remediation plan overriding the client's decision.
• B.ask the client to document the formal risk acceptance for the provider.
• C.insist that the remediation occur for the benefit of other customers.
• D.make a note for this item in the next audit explaining the situation.

Comment: *

Name: *

Email: *

Verification: *