When reporting risk assessment results to senior management, which of the following is MOST important to include to enable risk-based decision making?

• A.A list of assets exposed to the highest risk
• B.Potential losses compared to treatment cost
• C.Recent audit and self-assessment results
• D.Risk action plans and associated owners

Comment: *

Name: *

Email: *

Verification: *

Which of the following is NOT true for risk management capability maturity level 1?

• A.There is an understanding that risk is important and needs to be managed, but it is viewed as a technical issue and the business primarily considers the downside of IT risk
• B.Decisions involving risk lack credible information
• C.Risk appetite and tolerance are applied only during episodic risk assessments
• D.Risk management skills exist on an ad hoc basis, but are not actively developed

Comment: *

Name: *

Email: *

Verification: *

A risk practitioner observes that hardware failure incidents have been increasing over the last few months. However, due to built-in redundancy and fault-tolerant architecture, there have been no interruptions to business operations. The risk practitioner should conclude that:

• A.a root cause analysis is required
• B.controls are effective for ensuring continuity
• C.no action is required as there was no impact
• D.hardware needs to be upgraded

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST critical security consideration when an enterprise outsource its major part of IT department to a third party whose servers are in foreign company?

• A.A security breach notification may get delayed due to time difference
• B.The enterprise could not be able to monitor the compliance with its internal security and privacy guidelines
• C.Laws and regulations of the country of origin may not be enforceable in foreign country
• D.Additional network intrusion detection sensors should be installed, resulting in additional cost
• E.Explanation:
  Laws and regulations of the country of origin may not be enforceable in foreign country and conversely, it is also true that laws and regulations of the foreign outsourcer may also impact the enterprise. Hence violation of applicable laws may not be recognized or rectified due to lack of knowledge of the local laws.

Comment: *

Name: *

Email: *

Verification: *

A global organization is considering the acquisition of a competitor. Senior management has requested a review of the overall risk profile from the targeted organization.
Which of the following components of this review would provide the MOST useful information?

• A.Risk appetite statement
• B.Risk management policies
• C.Risk register
• D.Enterprise risk management framework

Comment: *

Name: *

Email: *

Verification: *