Module 5 - Risk Management - Q&A Flashcards
Which of the following could be considered the potential for harm to organizations, people, and information processing assets? A. Likelihood B. Impact C. Vulnerabilities D. Risk
D. Risk is the potential for harm to organizations, people, and information processing assets.
Which of the following would be an example of an intangible asset? A. Facility B. Consumer confidence C. Customer database D. Computer system
B. Consumer confidence is an intangible asset, because it can’t be easily measured or physically touched.
A \_\_\_\_\_\_\_\_\_\_ is a weakness inherent in an asset. A. vulnerability B. threat C. risk D. threat agent
A. A vulnerability is a weakness inherent to an asset.
A disgruntled employee decides to steal data from an unprotected computer system within the company. Which of the following terms describes the employee as a risk element? A. Threat B. Threat agent C. Vulnerability D. Risk
B. In this scenario, the employee is a threat agent, because she is initiating a threat against an asset. The vulnerability here is that the system is unprotected.
Which of the following is a negative event that can exploit a vulnerability? A. Risk B. Impact C. Threat D. Threat agent
C. A threat is a negative event that can exploit a vulnerability.
The level of certainty that a negative event will occur and successfully affect the organization is called the \_\_\_\_\_\_\_\_\_\_. A. likelihood B. impact C. risk D. threat
A. Likelihood is the level of certainty that a negative event will occur and detrimentally affect the organization.
Which of the following terms describes the level of harm that can result from a threat exploiting a vulnerability in an asset? A. Threat B. Likelihood C. Impact D. Damage
C. Impact describes the level of harm that can result from a threat exploiting a vulnerability in an asset.
Which two factors, always paired together, are necessary for there to be risk for a given circumstance? (Choose two.) A. Threat B. Vulnerability C. Threat agent D. Asset
A, B. Threats and vulnerabilities are paired together, and without either, there can be no risk for a given circumstance.
Your company is formulating its responses to the risks it has identified within the organization. Management has decided that for a particular risk, they will outsource certain processes and functions to a third-party provider to reduce the effect of the risk on your organization. Which of the following risk response options is your company using in this case? A. Risk acceptance B. Risk transference C. Risk avoidance D. Risk mitigation
B. Risk transference involves sharing risk with another party to reduce the effect the risk will have on your organization.
Your company implements security controls to mitigate a particular risk scenario. Six months later, it reevaluates the risk and discovers that the controls it implemented are ineffective. What did the company fail to do that might have corrected this problem earlier? A. Transfer risk B. Accept risk C. Avoid risk D. Monitor risk
D. The company should have been monitoring the risk to determine whether the controls implemented to reduce it are effective.
