quiz 18 csia

The risk treatment option of applying controls to reduce risk is known as:

The risk treatment option of deliberately operating without applying one of the other treatment options available is known as

A security policy must be so written that it can be understood by

These are created by various third-party organizations and are designed to provide a framework to assist organizations in building their information security program

Residual risk is defined as

Compliance is the act of conforming to:

The risk treatment option of reassigning accountability for a risk to another entity or organization is known as

These exist to guide the processes of identifying, treating, and monitoring information security risks in an organization.

Controls are implemented to:

__________ is a central repository where risks and risk treatments are stored and regularly reviewed.

If you were CISO of a company that primarily does business with the U.S. government and had to design an information security program which framework would be most appropriate?

What financial tool would a CISO use to ensure that the cost of security controls cannot exceed the value of the information or assets being protected?

Which of the following articles has the least impact on the development of an organization’s information security policies, standards, and procedures?

Governance, Risk, and _______ are the 3 things that account for nearly half of a CISO’s time.

If a risk would cause $800,000 in damages and $200,000 in clean-up costs and the likelihood of the risk manifesting is 5%, what would be the Annual Loss Expectation?
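The ALE question above, the risk register question, and the cost-benefit question all rest on the same two formulas: SLE (single loss expectancy) is the total cost of one occurrence, and ALE = SLE × ARO, where ARO is the annualized rate of occurrence. The following is an added example, not part of the original quiz, showing a minimal quantitative risk register that applies those formulas and runs the cost-benefit check a CISO would use to reject a control that costs more than the loss it prevents. The class and function names, the two controls and their figures are assumptions made for illustration; only the $800,000 + $200,000 at 5% case comes from the quiz.

```python
# Added example (not from the original quiz page): a minimal quantitative
# risk register using the standard formulas
#   SLE = sum of the costs of a single occurrence
#   ALE = SLE x ARO
# plus the cost-benefit check that rejects controls worth less than they cost.
# All names, control figures and reduction fractions below are illustrative.
from dataclasses import dataclass, field
from enum import Enum


class Treatment(Enum):
    MITIGATE = "mitigate"  # apply controls to reduce the risk
    ACCEPT = "accept"      # knowingly operate with the risk as it is
    TRANSFER = "transfer"  # reassign accountability, e.g. insurance or outsourcing
    AVOID = "avoid"        # stop the activity that creates the risk


@dataclass
class Control:
    name: str
    annual_cost: float    # annualized purchase plus operating cost
    ale_reduction: float  # fraction of the ALE the control removes, 0.0..1.0


@dataclass
class Risk:
    name: str
    sle: float  # single loss expectancy: total cost of one occurrence
    aro: float  # annualized rate of occurrence (expected occurrences per year)
    treatment: Treatment = Treatment.ACCEPT
    controls: list = field(default_factory=list)

    @property
    def ale(self) -> float:
        """Annual loss expectancy = SLE x ARO."""
        return self.sle * self.aro


def single_loss_expectancy(*costs: float) -> float:
    """SLE adds up every cost of one incident (damage, clean-up, fines, ...)."""
    return float(sum(costs))


def annual_loss_expectancy(sle: float, aro: float) -> float:
    return sle * aro


def control_net_value(risk: Risk, control: Control) -> float:
    """Annual benefit of a control: the ALE it removes minus what it costs.

    A negative result means the control costs more than the loss it prevents,
    which is exactly what the cost-benefit check exists to catch.
    """
    ale_removed = risk.ale * control.ale_reduction
    return ale_removed - control.annual_cost


def control_is_justified(risk: Risk, control: Control) -> bool:
    return control_net_value(risk, control) > 0


def residual_ale(risk: Risk) -> float:
    """Residual risk: the ALE left after the justified controls are applied."""
    remaining = risk.ale
    for c in risk.controls:
        if control_is_justified(risk, c):
            remaining *= 1.0 - c.ale_reduction
    return max(remaining, 0.0)


def review_register(risks: list) -> dict:
    """One pass over the register, as a periodic risk review would report it."""
    report = {}
    for r in risks:
        report[r.name] = {
            "ale": r.ale,
            "treatment": r.treatment.value,
            "justified_controls": [c.name for c in r.controls if control_is_justified(r, c)],
            "rejected_controls": [c.name for c in r.controls if not control_is_justified(r, c)],
            "residual_ale": residual_ale(r),
        }
    return report


# Constructed sample entry: the figures from the ALE question on this page,
# with two hypothetical controls to compare.
QUIZ_RISK = Risk(
    name="data breach",
    sle=single_loss_expectancy(800_000, 200_000),  # damages plus clean-up
    aro=0.05,
    treatment=Treatment.MITIGATE,
    controls=[
        Control("endpoint detection and response", annual_cost=30_000, ale_reduction=0.8),
        Control("full network rebuild", annual_cost=60_000, ale_reduction=0.9),
    ],
)

if __name__ == "__main__":
    for name, row in review_register([QUIZ_RISK]).items():
        print(name, row)
```

With the quiz figures the ALE is $1,000,000 × 0.05 = $50,000 per year. A control costing $30,000 that removes 80% of that loss is worth buying (net +$10,000); one costing $60,000 that removes 90% is not (net −$15,000), even though it reduces more risk, because its cost exceeds the value of what it protects. The register records the treatment chosen for each risk, so a decision to accept rather than mitigate is visible at the next review.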

The maturity of an organization influences its overall governance, which in turn shapes the governance of the information security program. What size of company would be more likely to have a higher level of maturity?

How would you demonstrate an organization’s commitment to adhere to legal and regulatory requirements?

In the case of business leadership choosing an alternate risk treatment than what the CISO recommended, what position does the CISO take?