You are the project manager of your enterprise. You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats. You noticed that the existing control is not efficient in mitigating these new risks. What are the various steps you could take in this case?
Each correct answer represents a complete solution. Choose all that apply.

• A.Education of staff or business partners
• B.Deployment of a threat-specific countermeasure
• C.Modify of the technical architecture
• D.Apply more controls

Correct Answer: A,B,C

Explanation/Reference:
Explanation:
As new threats are identified and prioritized in terms of impact, the first step is to evaluate the ability of existing controls to mitigate risk associated with new threats and if it does not work then in that case facilitate the:
Modification of the technical architecture

Deployment of a threat-specific countermeasure

Implementation of a compensating mechanism or process until mitigating controls are developed

Education of staff or business partners

Incorrect Answers:
D: Applying more controls is not the good solution. They usually complicate the condition.

Comment: *

Name: *

Email: *

Verification: *

Which of the following represents a vulnerability?

• A.An identity thief seeking to acquire personal financial data from an organization
• B.Media recognition of an organization's market leadership in its industry
• C.An employee recently fired for insubordination
• D.A standard procedure for applying software patches two weeks after release

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the priority of data owners when establishing risk mitigation method?

• A.User entitlement changes
• B.Platform security
• C.Intrusion detection
• D.Antivirus controls

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important requirement for monitoring key risk indicators (KRls) using log analysis?

• A.Obtaining logs m an easily readable format
• B.Providing accurate logs m a timely manner
• C.implementing an automated log analysis tool
• D.Collecting logs from the entire set of IT systems

Comment: *

Name: *

Email: *

Verification: *

Beth is a project team member on the JHG Project. Beth has added extra features to the project and this has introduced new risks to the project work. The project manager of the JHG project elects to remove the features Beth has added. The process of removing the extra features to remove the risks is called what?

• A.Detective control
• B.Preventive control
• C.Corrective control
• D.Scope creep
• E.Explanation:
  This is an example of a preventive control as the problem is not yet occurred, only it is detected and are accounted for. By removing the scope items from the project work, the project manager is aiming to remove the added risk events, hence it is a preventive control. Preventive control is a type of internal control that is used to avoid undesirable events, errors and other occurrences, which an organization has determined could have a negative material effect on a process or end
  product.
• F.is incorrect. Corrective actions are steps to bring the future performance of the project
  work in line with the project management plan. These controls make effort to reduce the impact of
  a threat from problems discovered by detective controls. They first identify thecause of the
  problems, then take corrective measures and modify the systems to minimize the future
  occurrences of the problem. Hence an incident should take place before corrective controls come
  in action.
• G.is incorrect. Detective controls simply detect and report on the occurrence of problems.
  They identify specific symptoms to potential problems.

Comment: *

Name: *

Email: *

Verification: *