An IT department has organized training sessions to improve user awareness of organizational information security policies. Which of the following is the BEST key performance indicator (KPI) to reflect effectiveness of the training?

• A.Number of training sessions completes
• B.Percentage of attendees versus total staff
• C.Percentage of staff members who complete the training with a passing score
• D.Percentage of staff members who attend the training with positive feedback

Comment: *

Name: *

Email: *

Verification: *

An organization has outsourced its IT security management function to an external service provider. The BEST party to own the IT security controls under this arrangement is the:

• A.organization's risk function
• B.service provider's audit function
• C.organization's IT management
• D.service provider's IT security function

Comment: *

Name: *

Email: *

Verification: *

You are the project manager for your organization. You are preparing for the quantitative risk analysis. Mark, a project team member, wants to know why you need to do quantitative risk analysis when you just completed qualitative risk analysis. Which one of the following statements best defines what quantitative risk analysis is?

• A.Quantitative risk analysis is the review of the risk events with the high probability and the highest impact on the project objectives.
• B.Quantitative risk analysis is the process of prioritizing risks for further analysis or action by assessing and combining their probability of occurrence and impact.
• C.Quantitative risk analysis is the process of numerically analyzing the effect of identified risks on overall project objectives.
• D.Quantitative risk analysis is the planning and quantification of risk responses based on probability and impact of each risk event.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of the NHH Project. You are working with the project team to create a plan to document the procedures to manage risks throughout the project. This document will define how risks will be identified and quantified. It will also define how contingency plans will be implemented by the project team. What document do you and your team is creating in this scenario?

• A.Project plan
• B.Resource management plan
• C.Project management plan
• D.Risk management plan
• E.Explanation:
  The risk management plan, part of the comprehensive management plan, defines how risks will be identified, analyzed, monitored and controlled, and even responded to. A Risk management plan is a document arranged by a project manager to estimate the effectiveness, predict risks, and build response plans to mitigate them. It also consists of the risk assessment matrix. Risks are built in with any project, and project managers evaluate risks repeatedly and build plans to address them. The risk management plan consists of analysis of possible risks with both high and low impacts, and the mitigation strategies to facilitate the project and avoid being derailed through which the common problems arise. Risk management plans should be timely reviewed by the project team in order to avoid having the analysis become stale and not reflective of actual potential project risks. Most critically, risk management plans include a risk strategy for project execution.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST indication of an effective risk management program?

• A.Risk action plans are approved by senior management
• B.Mitigating controls are designed and implemented
• C.Residual risk is within the organizational risk appetite
• D.Risk is recorded and tracked in the risk register

Comment: *

Name: *

Email: *

Verification: *