You are the project manager of RFT project. You have identified a risk that the enterprise's IT system and application landscape is so complex that, within a few years, extending capacity will become difficult and maintaining software will become very expensive. To overcome this risk the response adopted is re- architecture of the existing system and purchase of new integrated system. In which of the following risk prioritization options would this case be categorized?

• A.Deferrals
• B.Quick win
• C.Business case to be made
• D.Contagious risk

Comment: *

Name: *

Email: *

Verification: *

A newly hired risk practitioner finds that the risk register has not been updated in the past year. What is the risk practitioner's BEST course of action?

• A.Implement a process improvement and replace the old risk register
• B.Outsource the process for updating the risk register
• C.Identify changes in risk factors and initiate risk reviews
• D.Engage an external consultant to redesign the risk management process

Comment: *

Name: *

Email: *

Verification: *

Which of the following is BEST described by the definition below?
"They are heavy influencers of the likelihood and impact of risk scenarios and should be taken into account during every risk analysis, when likelihood and impact are assessed."

• A.Obscure risk
• B.Risk factors
• C.Risk analysis
• D.Risk event
• E.Explanation:
  Risk factors are those features that influence the likelihood and/or business impact of risk
  scenarios. They have heavy influences on probability and impact of risk scenarios. They should be
  taken into account during every risk analysis, when likelihood and impact are assessed.
• F.is incorrect. A risk analysis involves identifying the most probable threats to an
  organization and analyzing the related vulnerabilities of the organization to these threats. A risk
  from an organizational perspective consists of:
  Threats to various processes of organization.
  Threats to physical and information assets.
  Likelihood and frequency of occurrence from threat.
  Impact on assets from threat and vulnerability.
  Risk analysis allows the auditor to do the following tasks:
  Identify threats and vulnerabilities to the enterprise and its information system.
  Provide information for evaluation of controls in audit planning.
  Aids in determining audit objectives.
  Supporting decision based on risks.
• G.is incorrect. The enterprise must consider risk that has not yet occurred and should
  develop scenarios around unlikely, obscure or non-historical events.
  Such scenarios can be developed by considering two things:
  Visibility
  Recognition
  For the fulfillment of this task enterprise must:
  Be in a position that it can observe anything going wrong
  Have the capability to recognize an observed event as something wrong

Comment: *

Name: *

Email: *

Verification: *

Risks to an organization's image are referred to as what kind of risk?

• A.Operational
• B.Financial
• C.Information
• D.Strategic
• E.Explanation:
  Strategic risks are those risks which have potential outcome of not fulfilling on strategic objectives of the organization as planned. Since the strategic objective will shape and impact the entire organization, the risk of not meeting that objective can impose a great threat on the organization. Strategic risks can be broken down into external and internal risks: External risks are those circumstances from outside the enterprise which will have a potentially damaging or helpful impact on the enterprise. These risks include sudden change of economy, industry, or regulatory conditions. Some of the external risks are predictable while others are not. For instance, a recession may be predictable and the enterprise may be able to hedge against the dangers economically; but the total market failure may not as predictable and can be much more devastating. Internal risks usually focus on the image or reputation of the enterprise. some of the risks that are involved in this are public communication, trust, and strategic agreement from stakeholders and customers.
  Reference: CRISC, Contents: "Assessing Risks"
• F.is incorrect. Financial risks are not directly linked with organization's reputation.
• G.is incorrect. Risk associated with leakage of information to an unauthorized person does not affect organization's image.

Comment: *

Name: *

Email: *

Verification: *

Which of the following will significantly affect the standard information security governance model?

• A.Currency with changing legislative requirements
• B.Number of employees
• C.Complexity of the organizational structure
• D.Cultural differences between physical locations
• E.Explanation:
  Complexity of the organizational structure will have the most significant impact on the Information security governance model. Some of the elements that impact organizational structure are multiple business units and functions across the organization.

Comment: *

Name: *

Email: *

Verification: *