System/Application Domain
Which of the following is not a risk management technique?
Certification
A CBA is an effort to
Compare the impact of a realized risk to the economic risk associated with managing it
Which of the following is not a technique for mitigating vulnerabilities?
Programming bugs
A DoS attack is a threat action affecting which IT domain?
LAN-WAN Domain
To which of the following does HIPAA apply?
Health insurance companies
To which of the following does FERPA apply?
Educational institutions
Which of the following standards contains eight principles specific to security?
GAISP
Which of the following standards gives detailed descriptions of IT practices and comprehensive checklists, tasks, and procedures that can be tailored by IT organizations to fit their needs?
ITIL
Which agency enforces SOX?
SEC
Which of the following is not a step in the risk control process?
Risk identification
Which of the following is responsible for planning, budgeting, and performance of information system security?
IT management
Who must make trade-off decisions regarding system security?
System and information owners
Who develops appropriate training materials for risk management?
Security awareness personnel
Which of the following is a goal of an organization's risk management?
Ability to perform the mission
Which of the following is not a step in performing a RA?
Organizing company assets
Why is RA a good idea?
Protect assets
Which of the following is a type of RA?
Qualitative
Which of the following is not a threat?
Poor firewall configuration
What is scope?
Extent or range of view, outlook, application, operation, and effectiveness
Which of the following is a technique for identifying threats?
Review historical data
Which of the following is an example of administrative control?
Policies and procedures