Information Security Risk Management Concepts

12 Questions | Total Attempts: 1255

Questions and Answers
  • 1. 
    Who is ultimately responsible for managing information security risks?
    • A. 

      End User

    • B. 

      Information Owner

    • C. 

      Chief Executive Officer

  • 2. 
    The manager of a department responsible for a particular set of information assets is called the:
    • A. 

      Data Custodian

    • B. 

      End User

    • C. 

      Data Owner

  • 3. 
    Management has a responsibility to protect valuable information assets under their care.  This relates to which "core value" of information security risk management?
    • A. 

      Appropriate and Practical Security

    • B. 

      Due Diligence

    • C. 

      Trust and Confidence

  • 4. 
    Security controls may involve monetary costs, and may place other burdens on the organization – for example, requiring employees to wear ID badges. 
    • A. 

      True

    • B. 

      False

  • 5. 
    To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact. An agent with the potential to CAUSE a security breach, which could be either a person or an environmental condition such as fire, would be a(n)
    • A. 

      Threat

    • B. 

      Vulnerability

    • C. 

      Impact

  • 6. 
    To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact. A weakness or flaw in security that could ALLOW a security breach to occur would be a(n)
    • A. 

      Threat

    • B. 

      Vulnerability

    • C. 

      Impact

  • 7. 
    To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact. The estimated COST incurred as a result of a particular type of security breach would be a(n)
    • A. 

      Threat

    • B. 

      Vulnerability

    • C. 

      Impact

  • 8. 
    • A. 

      $200,000

    • B. 

      $150,000

    • C. 

      $50,000

  • 9. 
    Assume the following: your organization estimates that lost or stolen laptops will result in $100,000 in costs over the next year; to prevent these losses, new laptop security measures are proposed, at a cost of $20,000. Is the cost of these new security controls appropriate to the level of risk?
    • A. 

      No

    • B. 

      Yes

  • 10. 
    There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Theft of confidential information by a criminal hacker is an
    • A. 

      External Threat

    • B. 

      Environmental or Physical Threat

    • C. 

      Internal Threat

  • 11. 
    There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Destruction of computer systems by flooding is an
    • A. 

      External Threat

    • B. 

      Environmental or Physical Threat

    • C. 

      Internal Threat

  • 12. 
    There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Intentional destruction of important data by a disgruntled employee is an
    • A. 

      External Threat

    • B. 

      Environmental or Physical Threat

    • C. 

      Internal Threat