Information Security Risk Management Concepts

12 Questions | By Informationsecur | Last updated: Sep 24, 2018 | Total Attempts: 1255

Questions

Settings

Information Security Risk Management Concepts

Please enter your full name below to begin the quiz.

More Risk Management Quizzes

Quiz: Risk Management Practice Questions! Quiz: Risk Management Practice Questions!

Student Organization Online Management Test - Risk Management Module Student Organization Online Management Test - Risk Management Module

Risk Management Quiz Risk Management Quiz

Featured Quizzes

Quiz: What U.S. City Should You Live In? Quiz: What U.S. City Should You Live In?

Which Harry Potter Hogwarts House Do You Belong To Quiz! Which Harry Potter Hogwarts House Do You Belong To Quiz!

The Office Trivia Quiz! The Office Trivia Quiz!

Related Topics

Questions and Answers

1.

Who is ultimately responsible for managing information security risks?
- A.
  
  End User
- B.
  
  Information Owner
- C.
  
  Chief Executive Officer
2.

The manager of a department responsible for a particular set of information assets is called the:
- A.
  
  Data Custodian
- B.
  
  End User
- C.
  
  Data Owner
3.

Management has a responsibility to protect valuable information assets under their care. This relates to which "core value" of information security risk management?
- A.
  
  Appropriate and Practical Security
- B.
  
  Due Diligence
- C.
  
  Trust and Confidence
4.

Security controls may involve monetary costs, and may place other burdens on the organization – for example, requiring employees to wear ID badges.
- A.
  
  True
- B.
  
  False
5.

To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact.An agent with the potential to CAUSE a security breach. This could be either a person or an environmental condition such as fire would be a(n)
- A.
  
  Threat
- B.
  
  Vulnerability
- C.
  
  Impact
6.

To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact.A weakness or flaw in security that could ALLOW a security breach to occur would be a(n)
- A.
  
  Threat
- B.
  
  Vulnerability
- C.
  
  Impact
7.

To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact.The estimated COST incurred as a result of a particular type of security breach. would be a(n)
- A.
  
  Threat
- B.
  
  Vulnerability
- C.
  
  Impact
8.

Given the following: a.) The impact of a single laptop being lost or stolen is estimated at $50,000. b.) Because of inadequate security controls, it is estimated that three laptops will be lost or stolen per year. What is the annual loss expectancy from lost or stolen laptops?

Discuss
- A.
  
  $200,000
- B.
  
  $150,000
- C.
  
  $50,000
9.

Assuming the following: · Your organization estimates that lost or stolen laptops will result in $100,000 in costs over the next year. · To prevent these losses, new laptop security measures are proposed, at a cost of $20,000. Is the cost of these new security controls appropriate to the level of risk?
- A.
  
  No
- B.
  
  Yes
10.

There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Theft of confidential information by a criminal hacker is an
- A.
  
  External Threat
- B.
  
  Environmental or Physical Threat
- C.
  
  Internal Threat
11.

There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Destruction of computer systems by flooding is an
- A.
  
  External Threat
- B.
  
  Environmental or Physical Threat
- C.
  
  Internal Threat
12.

There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Intentional destruction of important data by a disgruntled employee is an
- A.
  
  External Threat
- B.
  
  Environmental or Physical Threat
- C.
  
  Internal Threat

Back to top