Which of the following is the MOST important topic to cover in a risk awareness training program for all staff?

• A.Internal and external information security incidents
• B.The risk department's roles and responsibilities
• C.Policy compliance requirements and exceptions process
• D.The organization's information security risk profile

Comment: *

Name: *

Email: *

Verification: *

While conducting an organization-wide risk assessment, it is noted that many of the information security policies have not changed in the past three years. The BEST course of action is to:

• A.report that the policies are adequate and do not need to be updated frequently.
• B.review and update the policies to align with industry standards.
• C.review the policies against current needs to determine adequacy.
• D.determine that the policies should be updated annually.

Comment: *

Name: *

Email: *

Verification: *

IT disaster recovery point objectives (RPOs) should be based on the:

• A.need of each business unit.
• B.type of business.
• C.maximum tolerable downtime.
• D.maximum tolerable loss of data.

Comment: *

Name: *

Email: *

Verification: *

You are the project manager of GHT project. You have selected appropriate Key Risk Indicators for your project. Now, you need to maintain those Key Risk Indicators. What is the MOST important reason to maintain Key Risk Indicators?

• A.Risk reports need to be timely
• B.Complex metrics require fine-tuning
• C.Threats and vulnerabilities change over time
• D.They help to avoid risk
• E.Explanation:
  Since the enterprise's internal and external environments are constantly changing, the risk environment is also highly dynamic, i.e., threats and vulnerabilities change over time. Hence KRIs
  need to be maintained to ensure that KRIs continue to effectively capture these changes.
• F.is incorrect. Timely risk reporting is one of the business requirements, but is not the
  reason behind KRI maintenance.
• G.is incorrect. While most key risk indicator metrics need to be optimized in respect to
  their sensitivity, the most important objective of KRI maintenance is to ensure that KRIs continue
  to effectively capture the changes in threats and vulnerabilities over time.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would provide the BEST guidance when selecting an appropriate risk treatment plan?

• A.Return on investment
• B.Risk mitigation budget
• C.Cost-benefit analysis
• D.Business impact analysis

Comment: *

Name: *

Email: *

Verification: *