Chapter 05 Risk Management

TRUE/FALSE

1. The upper management of an organization must structure the IT and information security functions to defend the organization's information assets.
(A) True (B) False
Answer: (A)

2. Risk control is the application of controls that reduce the risks to an organization's information assets to an acceptable level.
(A) True (B) False
Answer: (A)

3. According to Sun Tzu, if you know yourself and know your enemy, you have an average chance to be successful in an engagement.
(A) True (B) False
Answer: (B)

4. Knowing yourself means identifying, examining, and understanding the threats facing the organization.
(A) True (B) False
Answer: (B)

5. In addition to their other responsibilities, the three communities of interest are responsible for determining which control options are cost effective for the organization.
(A) True (B) False
Answer: (A)

Which risk control strategy shifts residual risk to other assets, other processes, or other organizations?
Transference is the control approach that attempts to shift the risk to other assets, other processes, or other organizations.

Is a risk treatment strategy that attempts to shift the risk to other assets?
First, risk transference. The transference risk treatment strategy, sometimes known as risk sharing or simply risk transfer, is the risk treatment strategy that attempts to shift risk to other assets, other processes, or other organizations.

What strategy attempts to prevent the exploitation of the vulnerability?
Mitigation. The mitigation strategy attempts to reduce the damage of a vulnerability by employing measures to limit a successful attack.

Which risk strategy is undertaken when you attempt to reduce the risk?
Risk Reduction: Businesses can assign a level at which risk is acceptable, which is called the residual risk level. Risk reduction is the most common strategy because there is usually a way to at least reduce risk. It involves taking countermeasures to decrease the impact of consequences.