Which of the blowing is MOST important when implementing an organization s security policy?

• A.Benchmarking against industry standards
• B.Identifying threats and vulnerabilities
• C.Obtaining management support
• D.Assessing compliance requirements

Comment: *

Name: *

Email: *

Verification: *

To effectively support business decisions, an IT risk register MUST:

• A.reflect the results of risk assessments.
• B.effectively support a business maturity model.
• C.be available to operational risk groups.
• D.be reviewed by the IT steering committee.

Comment: *

Name: *

Email: *

Verification: *

Which of the following process ensures that extracted data are ready for analysis?

• A.Data analysis
• B.Data validation
• C.Data gathering
• D.Data access

Correct Answer: B

Explanation/Reference:
Explanation:
Data validation ensures that extracted data are ready for analysis. One objective is to perform data quality tests to ensure data are valid complete and free of errors. This may also involve making data from different sources suitable for comparative analysis.
Incorrect Answers:
A: Analysis of data involves simple set of steps or complex combination of commands and other functionality. Data analysis is designed in such a way to achieve the stated objectives from the project plan. Although this may be applicable to any monitoring activity, it would be beneficial to consider transferability and scalability. This may include robust documentation, use of software development standards and naming conventions.
C: Data gathering is the process of collecting data on risk to be monitored, prepare a detailed plan and define the project's scope. In the case of a monitoring project, this step should involve process owners, data owners, system custodians and other process stakeholders.
D: In the data access process, management identifies which data are available and how they can be acquired in a format that can be used for analysis. There are two options for data extraction:
Extracting data directly from the source systems after system owner approval

Receiving data extracts from the system custodian (IT) after system owner approval

Comment: *

Name: *

Email: *

Verification: *

An enterprise has identified risk events in a project. While responding to these identified risk events, which among the following stakeholders is MOST important for reviewing risk response options to an IT risk.

• A.Information security managers
• B.Internal auditors
• C.Incident response team members
• D.Business managers
• E.Explanation:
  Business managers are accountable for managing the associated risk and will determine what actions to take based on the information provided by others.

Comment: *

Name: *

Email: *

Verification: *

When developing a risk awareness training program, which of the following training topics would BEST facilitate a thorough understanding of risk scenarios?

• A.Analyzing key risk indicators (KRIs)
• B.Mapping threats to organizational objectives
• C.Reviewing past audits
• D.Identifying potential sources of risk

Comment: *

Name: *

Email: *

Verification: *