The Ultimate Information Security Risk Management Quiz

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Informationsecur

Informationsecur

Community Contributor

Quizzes Created: 2 | Total Attempts: 9,629

Questions: 12 | Attempts: 8,209 | Updated: Mar 22, 2023

Questions

Settings

Create your own Quiz

Share on Facebook Share on Twitter Share on Whatsapp Share on Pinterest Share on Email Copy to Clipboard Embed on your website

The Ultimate Information Security Risk Management Quiz - Quiz

Take this ultimate information security risk management quiz to brush up on your skills today! Information is power in today's day and age, and we must keep abreast of all the ways we can possibly keep ourselves safe in order to minimize the risks we need to take each day. Analyzing risk is a crucial step in this process, as without a good sense of what severity of risk any isolated incident carries is essential to staying safe. Take this quiz to learn more about it! Good luck!

Questions and Answers

1.

Who is ultimately responsible for managing information security risks?
- A.
  
  Chief Executive Officer
- B.
  
  End User
- C.
  
  Information Owner
Correct Answer
A. Chief Executive Officer

Explanation
The CEO is responsible for ensuring that an effective risk management process is in place.

Rate this question:

2
0
2.

The manager of a department responsible for a particular set of information assets is called the:
- A.
  
  Data Custodian
- B.
  
  End User
- C.
  
  Data Owner
Correct Answer
C. Data Owner

Explanation
The data/information owner is responsible for identifying information assets within his or her operational area, assigning security classifications to them, and working with the information security manager to ensure that appropriate security controls are in place.

Rate this question:
3.

Management has a responsibility to protect valuable information assets under their care. This relates to which "core value" of information security risk management?
- A.
  
  Appropriate and Practical Security
- B.
  
  Due Diligence
- C.
  
  Trust and Confidence
Correct Answer
B. Due Diligence

Explanation
Management can be held legally liable for failing to maintain an appropriate information security risk management program.

Rate this question:
4.

Security controls may involve monetary costs, and may place other burdens on the organization – for example, requiring employees to wear ID badges.
- A.
  
  True
- B.
  
  False
Correct Answer
A. True

Explanation
Security controls should be appropriate and practical given the level of risk.

Rate this question:
5.

To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact.An agent with the potential to CAUSE a security breach. This could be either a person or an environmental condition such as fire would be a(n)
- A.
  
  Threat
- B.
  
  Vulnerability
- C.
  
  Impact
Correct Answer
A. Threat

Explanation
The degree of information security risk is a combination of threats, vulnerabilities and impact.

Rate this question:

1
0
6.

To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact.A weakness or flaw in security that could ALLOW a security breach to occur would be a(n)
- A.
  
  Threat
- B.
  
  Vulnerability
- C.
  
  Impact
Correct Answer
B. Vulnerability

Explanation
The degree of information security risk is a combination of threats, vulnerabilities and impact.

Rate this question:
7.

To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact.The estimated COST incurred as a result of a particular type of security breach. would be a(n)
- A.
  
  Threat
- B.
  
  Vulnerability
- C.
  
  Impact
Correct Answer
C. Impact

Explanation
The degree of information security risk is a combination of threats, vulnerabilities and impact.

Rate this question:
8.

Given the following: a.) The impact of a single laptop being lost or stolen is estimated at $50,000. b.) Because of inadequate security controls, it is estimated that three laptops will be lost or stolen per year. What is the annual loss expectancy from lost or stolen laptops?
- A.
  
  $200,000
- B.
  
  $150,000
- C.
  
  $50,000
Correct Answer
B. $150,000

Explanation
The calculation is formally stated as:
Single Loss Expectancy (from a particular type of security incident)
x Annual Rate of Occurrence (if no further security controls are implemented)
= Annual Loss Expectancy

Rate this question:

2
0
9.

Assuming the following: · Your organization estimates that lost or stolen laptops will result in $100,000 in costs over the next year. · To prevent these losses, new laptop security measures are proposed, at a cost of $20,000. Is the cost of these new security controls appropriate to the level of risk?
- A.
  
  No
- B.
  
  Yes
Correct Answer
B. Yes

Explanation
The cost of the new security controls is less than the estimated risk, so these controls are appropriate.

Rate this question:

1
0
10.

There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Theft of confidential information by a criminal hacker is an
- A.
  
  External Threat
- B.
  
  Environmental or Physical Threat
- C.
  
  Internal Threat
Correct Answer
A. External Threat

Explanation
Feedback: Information security threats can be internal, external or environmental.

Rate this question:
11.

There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Destruction of computer systems by flooding is an
- A.
  
  External Threat
- B.
  
  Environmental or Physical Threat
- C.
  
  Internal Threat
Correct Answer
B. Environmental or Physical Threat

Explanation
Feedback: Information security threats can be internal, external or environmental.

Rate this question:
12.

There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Intentional destruction of important data by a disgruntled employee is an
- A.
  
  External Threat
- B.
  
  Environmental or Physical Threat
- C.
  
  Internal Threat
Correct Answer
C. Internal Threat

Explanation
Feedback: Information security threats can be internal, external or environmental.

Rate this question:

1
0

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 22, 2023

Quiz Edited by
ProProfs Editorial Team
Mar 16, 2010

Quiz Created by
Informationsecur

The Ultimate Information Security Risk Management Quiz

Who is ultimately responsible for managing information security risks?

The manager of a department responsible for a particular set of information assets is called the:

Management has a responsibility to protect valuable information assets under their care. This relates to which "core value" of information security risk management?

Security controls may involve monetary costs, and may place other burdens on the organization – for example, requiring employees to wear ID badges.

To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact.An agent with the potential to CAUSE a security breach. This could be either a person or an environmental condition such as fire would be a(n)

To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact.A weakness or flaw in security that could ALLOW a security breach to occur would be a(n)

To estimate the level of risk from a particular type of security breach, three factors are considered: threats, vulnerabilities, and impact.The estimated COST incurred as a result of a particular type of security breach. would be a(n)

Given the following: a.) The impact of a single laptop being lost or stolen is estimated at $50,000. b.) Because of inadequate security controls, it is estimated that three laptops will be lost or stolen per year. What is the annual loss expectancy from lost or stolen laptops?

There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Theft of confidential information by a criminal hacker is an

There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Destruction of computer systems by flooding is an

There are three types of information security threats: external threats, environmental or physical threats, and internal threats. Intentional destruction of important data by a disgruntled employee is an