Which of the following approaches BEST identifies information systems control deficiencies?

• A.Risk assessment
• B.Countermeasures analysis
• C.Best practice assessment
• D.Gap analysis

Comment: *

Name: *

Email: *

Verification: *

As part of an overall IT risk management plan, an IT risk register BEST helps management:

• A.stay current with existing control status.
• B.communicate the enterprise risk management policy.
• C.align IT processes with business objectives.
• D.understand the organizational risk profile.

Comment: *

Name: *

Email: *

Verification: *

Beth is a project team member on the JHG Project. Beth has added extra features to the project and this has introduced new risks to the project work. The project manager of the JHG project elects to remove the features Beth has added. The process of removing the extra features to remove the risks is called what?

• A.Detective control
• B.Preventive control
• C.Corrective control
• D.Scope creep
• E.Explanation:
  This is an example of a preventive control as the problem is not yet occurred, only it is detected and are accounted for. By removing the scope items from the project work, the project manager is aiming to remove the added risk events, hence it is a preventive control. Preventive control is a type of internal control that is used to avoid undesirable events, errors and other occurrences, which an organization has determined could have a negative material effect on a process or end
  product.
• F.is incorrect. Corrective actions are steps to bring the future performance of the project
  work in line with the project management plan. These controls make effort to reduce the impact of
  a threat from problems discovered by detective controls. They first identify thecause of the
  problems, then take corrective measures and modify the systems to minimize the future
  occurrences of the problem. Hence an incident should take place before corrective controls come
  in action.
• G.is incorrect. Detective controls simply detect and report on the occurrence of problems.
  They identify specific symptoms to potential problems.

Comment: *

Name: *

Email: *

Verification: *

A risk practitioner discovers several key documents detailing the design of a product currently in development have been posted on the Internet. What should be the risk practitioner's FIRST course of action?

• A.Conduct an immediate risk assessment
• B.Perform a root cause analysis
• C.invoke the established incident response plan.
• D.Inform internal audit.

Comment: *

Name: *

Email: *

Verification: *

A root because analysis indicates a major service disruption due to a lack of competency of newly hired IT system administrators Who should be accountable for resolving the situation?

• A.HR recruitment manager
• B.Business process owner
• C.HR training director
• D.Chief information officer (CIO)

Comment: *

Name: *

Email: *

Verification: *