CMGT 430 Wk 2 – Management of Information Security, Ch. 7 Quiz

0 items
CMGT 430 Wk 2 - Management of Information Security, Ch. 7 Quiz
CMGT 430 Wk 2 – Management of Information Security, Ch. 7 Quiz
$6.00
Go to the store page
  • Description

CMGT 430 Wk 2 – Management of Information Security, Ch. 7 Quiz

Complete the Ch. 7 Quiz using the MindTap Access link.

Which of the following describes an organization’s efforts to reduce damage caused by a realized incident or disaster?

  • Transference

  • Mitigation

  • Acceptance

  • Avoidance

 

The financial savings from using the defense risk treatment strategy to implement a control and eliminate the financial ramifications of an incident is known as __________.

  • probability estimate

  • asset valuation

  • cost avoidance

  • risk acceptance premium

 

Once a control strategy has been selected and implemented, what should be done on an ongoing basis to determine their effectiveness and to estimate the remaining risk?

  • Evaluation and funding

  • Monitoring and measurement

  • Analysis and adjustment

  • Review and reapplication

 

Strategies to reestablish operations at the primary site after an adverse event threatens continuity of business operations are covered by which of the following plans in the mitigation control approach?

  • Damage control plan

  • Business continuity plan

  • Incident response plan

  • Disaster recovery plan

 

Which of the following can be described as the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility?

  • Risk appetite

  • Risk assurance

  • Residual risk

  • Risk termination

 

By multiplying the asset value by the exposure factor, you can calculate which of the following?

  • Value to adversaries

  • Annualized cost of the safeguard

  • Single loss expectancy

  • Annualized loss expectancy

 

When vulnerabilities have been controlled to the degree possible, there is often remaining risk that has not been completely removed, shifted, or planned for and is called __________.

  • residual risk

  • risk assurance

  • risk appetite

  • risk tolerance

 

What is the result of subtracting the postcontrol annualized loss expectancy and the ACS from the precontrol annualized loss expectancy?

  • Annualized rate of occurrence

  • Single loss expectancy

  • Cost–benefit analysis

  • Exposure factor

 

Which of the following determines acceptable practices based on consensus and relationships among the communities of interest?

  • Operational feasibility

  • Technical feasibility

  • Political feasibility

  • Organizational feasibility

 

What does FAIR rely on to build the risk management framework that is unlike many other risk management frameworks?

  • Quantitative valuation of safeguards

  • Subjective prioritization of controls

  • Risk analysis estimates

  • Qualitative assessment of many risk components