CIS 502 Week 1 Chapter 6 Q: Which of the following methods are involved in performing process/policy review? Risk assessment and risk exchange Risk exchange and risk sharing Risk management and risk assessment Risk management and risk exchange Q: Which of the following allocates subjective and intangible values to the loss of an asset? Business continuity planning Disaster recovery planning Qualitative risk analysis Quantitative risk analysis Q: Which of the following are the main principles in all security programs? Disclosure, alteration, and distribution Disclosure, alteration, and availability Disclosure, integrity, and availability Confidentiality, integrity, and availability Q: Which of the following is the qualitative method of risk analysis? Scenario analysis Internal loss method Business process modeling (BPM) and simulation Statistical process control (SPC) Q: Which of the following security procedures is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat? Risk acceptance Risk management Risk assessment Risk identification Q: Which of the following allocates subjective and intangible values to the loss of an asset? Business continuity planning Quantitative risk analysis Qualitative risk analysis Disaster recovery planning Q: Which of the following is NOT a purpose of risk analysis? To assist the auditor to identify the risks and threats To ensure absolute safety during the audit To support risk-based audit decisions To assist the auditor to determine the audit objectives Q: Which of the following statements is not true? Risks to an IT infrastructure are all computer based. The process by which the goals of risk management are achieved is known as risk analysis. IT security can provide protection only against logical or technical attacks. An asset is anything used in a business process or task. Q: Which of the following statements most closely depicts the difference between qualitative risk analysis and quantitative risk analysis? A quantitative risk analysis doesn’t use hard costs of losses; a qualitative risk analysis does. Less guesswork is used in a quantitative risk analysis. A quantitative risk analysis can’t use a number of calculations. A qualitative risk analysis uses a number of complex calculations. Q: Which of the following would generally notbe considered an asset in a risk analysis? A development process Users’ personal files A proprietary system resource An IT infrastructure Q: Which of the following are NOT outlined in the employment agreement? Rules and restrictions of the organization Names of all employees in the organization Details of the job description, violations, and consequences Security policies Q: Which of the following is a type of risk under separation of duties? Unauthorized transactions Incompatible responsibilities Maintaining unauthorized custody of assets Recording transactions Q: Which of the following is the goal of risk mitigation? To define the acceptable level of risk the organization can tolerate and reduce risk to that level To analyze and remove all vulnerabilities and threats to security within the organization To analyze the effects of a business disruption and prepare the company’s response To define the acceptable level of risk the organization can tolerate and assign any costs associated with loss or disruption to a third party Q: Which of the following statements is true for qualitative risk assessment? Collecting data on each and every process for qualitative risk assessment is very easy SLE and ARO are needed for qualitative risk assessment Cost is generally significantly higher than the cost of quantitative analysis Cost is generally significantly lower than the cost of quant
We employ a number of measures to ensure top quality essays. The papers go through a system of quality control prior to delivery. We run plagiarism checks on each paper to ensure that they will be 100% plagiarism-free. So, only clean copies hit customers’ emails. We also never resell the papers completed by our writers. So, once it is checked using a plagiarism checker, the paper will be unique.
FALL 2018 HOMEWORK HELP| ASSIGNMENT HELP,…