Which of the following statements BEST describes policy?

• A.A minimum threshold of information security controls that must be implemented
• B.A checklist of steps that must be completed to ensure information security
• C.An overall statement of information security scope and direction
• D.A technology-dependent statement of best practices

Comment: *

Name: *

Email: *

Verification: *

Which of the following would prompt changes in key risk indicator {KRI) thresholds?

• A.Changes in risk appetite or tolerance
• B.Changes to the risk register
• C.Knowledge of new and emerging threats
• D.Modification to risk categories

Comment: *

Name: *

Email: *

Verification: *

Which of the following operational risks ensures that the provision of a quality product is not overshadowed by the production costs of that product?

• A.Information security risks
• B.Contract and product liability risks
• C.Project activity risks
• D.Profitability operational risks

Comment: *

Name: *

Email: *

Verification: *

What is the process for selecting and implementing measures to impact risk called?

• A.Risk Treatment
• B.Control
• C.Risk Assessment
• D.Risk Management

Comment: *

Name: *

Email: *

Verification: *

A risk owner has identified a risk with high impact and very low likelihood. The potential loss is covered by insurance. Which of the following should the risk practitioner do NEXT?

• A.Recommend avoiding the risk.
• B.Update the risk register.
• C.Validate the risk response with internal audit.
• D.Evaluate outsourcing the process.

Comment: *

Name: *

Email: *

Verification: *