- Description
CMGT 430 Wk 2 – Management of Information Security, Ch. 7 Quiz
Complete the Ch. 7 Quiz using the MindTap Access link.
Which of the following describes an organization’s efforts to reduce damage caused by a realized incident or disaster?
- Transference
- Mitigation
- Acceptance
- Avoidance
The financial savings from using the defense risk treatment strategy to implement a control and eliminate the financial ramifications of an incident is known as __________.
- probability estimate
- asset valuation
- cost avoidance
- risk acceptance premium
Once a control strategy has been selected and implemented, what should be done on an ongoing basis to determine their effectiveness and to estimate the remaining risk?
- Evaluation and funding
- Monitoring and measurement
- Analysis and adjustment
- Review and reapplication
Strategies to reestablish operations at the primary site after an adverse event threatens continuity of business operations are covered by which of the following plans in the mitigation control approach?
- Damage control plan
- Business continuity plan
- Incident response plan
- Disaster recovery plan
Which of the following can be described as the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility?
- Risk appetite
- Risk assurance
- Residual risk
- Risk termination
By multiplying the asset value by the exposure factor, you can calculate which of the following?
- Value to adversaries
- Annualized cost of the safeguard
- Single loss expectancy
- Annualized loss expectancy
When vulnerabilities have been controlled to the degree possible, there is often remaining risk that has not been completely removed, shifted, or planned for and is called __________.
- residual risk
- risk assurance
- risk appetite
- risk tolerance
What is the result of subtracting the postcontrol annualized loss expectancy and the ACS from the precontrol annualized loss expectancy?
- Annualized rate of occurrence
- Single loss expectancy
- Cost–benefit analysis
- Exposure factor
Which of the following determines acceptable practices based on consensus and relationships among the communities of interest?
- Operational feasibility
- Technical feasibility
- Political feasibility
- Organizational feasibility
What does FAIR rely on to build the risk management framework that is unlike many other risk management frameworks?
- Quantitative valuation of safeguards
- Subjective prioritization of controls
- Risk analysis estimates
- Qualitative assessment of many risk components