Question 1

How can the purpose of risk management best be described?&#10;A)A method to improve the performance of the organizations stock portfolio&#10;B)To take cost effective measures to reduce potential risk to the organization to an acceptable level&#10;C)A method to inform management of the types of assets the company controls&#10;D)A means of getting cheaper insurance for the organization

Accepted Answer

The purpose of risk management is to take cost effective measures to reduce potential risk to the organization to an acceptable level. It involves identifying, assessing, and mitigating potential risks that could harm the organization's objectives, assets, or reputation. Risk management is not aimed at improving stock performance or getting cheaper insurance, nor is it solely focused on identifying the types of assets the company controls.

Question 2

Using the general risk management model,natural disasters,terrorism,fraud,equipment failure,fall under which step?&#10;A)Asset identification&#10;B)Threat assessment&#10;C)Impact determination and quantification&#10;D)Residual risk management

Accepted Answer

Natural disasters, terrorism, fraud, and equipment failure are all potential threats to an organization's assets. Therefore, they fall under the threat assessment step of the risk management model, which involves identifying potential threats and evaluating their likelihood of occurrence.

Question 3

Which of the following is the value for the expected loss of a single asset?&#10;A)SLE&#10;B)ALE&#10;C)SRO&#10;D)ARO

Accepted Answer

SLE (Single Loss Expectancy) is the value for the expected loss of a single asset. It quantifies the expected monetary loss for a single event that results in the compromise of an asset.

Question 4

Which of the following is the value for the number of times an event is expected to occur in a year?&#10;A)SLE&#10;B)ALE&#10;C)SRO&#10;D)ARO

Accepted Answer

ARO (Annual Rate of Occurrence) is the value that represents the expected number of times an event is likely to occur in a year.

Question 5

Which management tool is used for diagramming the interdependencies between project activities,showing the sequence and duration of each activity?&#10;A)Pareto charts&#10;B)Gantt charts&#10;C)Interrelationship digraphs&#10;D)PERT charts

Accepted Answer

PERT (Program Evaluation and Review Technique) charts are used to diagram the interdependencies between project activities, showing the sequence and duration of each activity. It enables project managers to plan and schedule complex projects, especially those with many interrelated tasks. Gantt charts only show the start and end dates of each task, and do not highlight dependencies between activities, so they are not the best choice for this purpose. Pareto charts and interrelationship digraphs are quality management tools used to analyze and visualize data and interrelationships between various factors or variables, but they are not used for project scheduling or planning.

Question 6

How can risk best be described?&#10;A)The possibility of suffering harm or loss&#10;B)The chance that the organization will go bankrupt&#10;C)Something that is dependent on the types of insurance the company buys&#10;D)Something that is dependent on the overall asset value of the company

Accepted Answer

Risk is most commonly defined as the possibility of suffering harm or loss, whether it be financial, operational, reputational, or otherwise. It involves an assessment of the likelihood and potential impact of any negative events or outcomes that could occur within a given context, such as a business or project. While insurance and asset valuation can be relevant factors in managing risk, they are not the primary determinants of whether a risk exists.

Question 7

Using the general risk management model,direct loss of money,interruption of business activity,and breach of confidence,fall under which step?&#10;A)Asset identification&#10;B)Threat assessment&#10;C)Impact determination and quantification&#10;D)Residual risk management

Accepted Answer

The direct loss of money, interruption of business activity, and breach of confidence are all potential impacts that need to be determined and quantified in order to effectively assess and manage risk. This falls under the impact determination and quantification step of the risk management model.

Question 8

Calculate the SLE based on the following information:
The asset value is 4 million dollars.
The exposure factor is about 25 percent.
What is the SLE?

A)3 million dollars
B)4.25 million dollars
C)5 million dollars
D)1 million dollars

Accepted Answer

The Single Loss Expectancy (SLE) is calculated by multiplying the asset value by the exposure factor. In this case, SLE = 4 million dollars * 25% = 1 million dollars.

Question 9

Contract management,fraud,regulatory risk management,and business continuity management are examples of&#10;A)Business risks&#10;B)Technology risks&#10;C)Market risks&#10;D)Operational risks

Accepted Answer

The answer of Contract management,fraud,regulatory risk management,and business continuity management...

Question 10

Which of the following is used to calculate the threshold for evaluating the cost/benefit ratio of a given countermeasure?&#10;A)SLE&#10;B)ALE&#10;C)SRO&#10;D)ARO

Accepted Answer

The ALE (Annualized Loss Expectancy) is used to calculate the threshold for evaluating the cost/benefit ratio of a given countermeasure. It is calculated by multiplying the SLE (Single Loss Expectancy) by the ARO (Annualized Rate of Occurrence) or likelihood of the threat occurring in a year. The threshold for considering a countermeasure is usually set at a level below the ALE to ensure that the cost of the countermeasure is justified by the reduction of potential losses. SRO (Single Recovery Objective) is used to determine the desired timeframe for recovering an asset in case of a disruption, while ARO is used to determine the frequency of occurrence of a threat in a year.

Question 11

Which management tool is used for identifying relationships between a risk and the factors that can cause it?&#10;A)Affinity grouping&#10;B)Cause and effect analysis&#10;C)Interrelationship digraphs&#10;D)Risk management plan

Accepted Answer

The answer of Which management tool is used for identifying...

Question 12

What are the steps for the software engineering institute model for risk management?&#10;A)Identify,analyze,plan,track,and control&#10;B)Analyze,track,identify,plan,and control&#10;C)Identify assets,threats,vulnerabilities,and exposure factor&#10;D)Cost benefit analysis,control,and review

Accepted Answer

The answer of What are the steps for the software...

Question 13

Which of the following describes the process of threat assessment during a risk assessment?&#10;A)Identifying the possible threats and vulnerabilities associated with each asset,and the likelihood of their occurrence&#10;B)Categorizing and cataloging any threats made against the organization in the last 10 years&#10;C)Establishing a human resource procedure to notify the police if anyone threatens an employee&#10;D)Assessing the total net worth of the company,and then selecting an insurance company to insure the company against all threats.

Accepted Answer

The answer of Which of the following describes the process...

Question 14

Risk management is most often&#10;A)Purely qualitative&#10;B)Purely quantitative&#10;C)Both qualitative and quantitative&#10;D)Purely objective

Accepted Answer

The answer of Risk management is most often&#10;A)Purely qualitative&#10;B)Purely quantitative&#10;C)Both...

Question 15

Which of the following is the formula for single loss expectancy (SLE)?&#10;A)The exposure factor added to the asset&#10;B)The asset multiplied by the exposure factor&#10;C)The asset divided by the annual rate of expectancy&#10;D)The asset multiplied by the exposure factor and divided by the annual rate of expectancy

Accepted Answer

The answer of Which of the following is the formula...

Question 16

Which management tool is used for diagramming schedules,events,and activity duration?&#10;A)Pareto charts&#10;B)Gantt charts&#10;C)Interrelationship digraphs&#10;D)PERT charts

Accepted Answer

The answer of Which management tool is used for diagramming...

Question 17

Which of the following describes the process of asset identification during a risk assessment?&#10;A)Collecting data on the value of bank accounts and other financial notes controlled by the organization&#10;B)Identifying and classifying the assets,systems,and processes that need protection because they are vulnerable to threats&#10;C)Collecting data on the property plant and equipment to be prepared to file an insurance claim&#10;D)Hiring an outside auditing firm to assess the total net worth of the company

Accepted Answer

The answer of Which of the following describes the process...

Question 18

Calculate the ALE based on the following information:
The SLE is 4 million dollars.
The ARO is 5%.
What is the ALE?

A)4.5 million dollars
B)2 million dollars
C)200,000 dollars
D)4,200,000 dollars

Accepted Answer

The answer of Calculate the ALE based on the following...

Question 19

What is the formula for annual rate of expectancy?&#10;A)The asset multiplied by the exposure factor&#10;B)The exposure factor added to the asset&#10;C)The single loss expectancy multiplied by the annual rate of occurrence&#10;D)The asset divided by the annual rate of expectancy

Accepted Answer

The answer of What is the formula for annual rate...

Question 20

Information systems testing,change management,and reliability and performance management are examples of which of the following?&#10;A)Business risks&#10;B)Technology risks&#10;C)Market risks&#10;D)Operational risks

Accepted Answer

The answer of Information systems testing,change management,and reliability and performance...

Question 21

A(n)_______________ is a measure taken to detect,prevent,or mitigate the risk associated with a threat.

Accepted Answer

The answer of A(n)_______________ is a measure taken to detect,prevent,or...

Question 22

ALE = SLE * ARO

Accepted Answer

The answer of ALE = SLE * ARO...

Question 23

_______________ is a measure of the magnitude of loss of an asset,and is used in the calculation of a single loss expectancy.

Accepted Answer

The answer of _______________ is a measure of the magnitude...

Question 24

A(n)_______________ is any resource or information an organization needs to conduct its business.

Accepted Answer

The answer of A(n)_______________ is any resource or information an...

Question 25

A risk that remains after implementing controls is termed a(n)_______________.

Accepted Answer

The answer of A risk that remains after implementing controls...

Question 26

A qualitative risk assessment relies on judgment and experience;quantitative risk assessment applies historical information and trends to attempt to predict future performance.

Accepted Answer

The answer of A qualitative risk assessment relies on judgment...

Question 27

_______________ are histograms that rank the categories in a chart from most frequent to least frequent,thus facilitating risk prioritization.

Accepted Answer

The answer of _______________ are histograms that rank the categories...

Question 28

Once an organization implements a security plan,they can expect to remain secure for an extended period of time.

Accepted Answer

The answer of Once an organization implements a security plan,they...

Question 29

Performing a cost/benefit analysis to determine the effectiveness of a countermeasure is not a useful way to evaluate a countermeasure,because risk needs to be reduced at any cost.

Accepted Answer

The answer of Performing a cost/benefit analysis to determine the...

Question 30

The term _______________ refers to taking action to reduce the likelihood of a threat occurring.

Accepted Answer

The answer of The term _______________ refers to taking action...

Question 31

Cause and effect analysis is the process of identifying relationships between a risk and the organization's needs.

Accepted Answer

The answer of Cause and effect analysis is the process...

Question 32

A risk management plan is a comprehensive document that explains how risks will be identified on a given project.

Accepted Answer

The answer of A risk management plan is a comprehensive...

Question 33

Residual risk is covered by insurance companies.

Accepted Answer

The answer of Residual risk is covered by insurance companies....

Question 34

An organization can reduce its risks to zero through careful planning and implementation.

Accepted Answer

The answer of An organization can reduce its risks to...

Question 35

A(n)_______________ is any characteristic of an asset that can be exploited by a threat to cause harm.

Accepted Answer

The answer of A(n)_______________ is any characteristic of an asset...

Question 36

_______________ is the overall decision-making process of identifying threats and vulnerabilities and their potential impacts,determining the costs to mitigate such events,and deciding what actions are cost effective for controlling these risks.

Accepted Answer

The answer of _______________ is the overall decision-making process of...

Question 37

The formulas used to justify the single loss expectancy (SLE)are extremely accurate.

Accepted Answer

The answer of The formulas used to justify the single...

Question 38

It is recognized throughout the industry that the best type of risk assessment to conduct is a purely quantitative one.

Accepted Answer

The answer of It is recognized throughout the industry that...

Question 39

_______________ refers to the loss that results when a threat exploits a vulnerability.

Accepted Answer

The answer of _______________ refers to the loss that results...

Question 40

A straightforward method for comparing cost estimates with the benefits of a mitigation strategy is called a(n)_______________.

Accepted Answer

The answer of A straightforward method for comparing cost estimates...

Question 41

What are the differences between a qualitative and a quantitative risk assessment?

Accepted Answer

The answer of What are the differences between a qualitative...

Question 42

Describe the use of risk management tools and principles to manage risk effectively.

Accepted Answer

The answer of Describe the use of risk management tools...

Deck 20: Risk Management