IRM Quiz - Information Risk Management

20 Questions | Total Attempts: 17


Information Risk Management (IRM) is a form of risk minimization through policies, procedures, and technology that reduce the threat of cyber attacks arising from vulnerabilities, poor data security, and third parties. Want to learn new things about the topic or revise it? Take the following quiz!


Questions and Answers
  • 1. It is risk to the existence or profit of the organization and may or may not have information security significance.
    • A. Strategic Risk
    • B. Tactical Risk
    • C. Operational Risk

  • 2. It is risk to the information security program’s ability to mitigate relevant strategic risk to information.
    • A. Strategic Risk
    • B. Tactical Risk
    • C. Operational Risk

  • 3. It is concerned with the ability to implement the tactical risk-based control objectives. Such risk includes budget, timelines, and technologies.
    • A. Strategic Risk
    • B. Tactical Risk
    • C. Operational Risk

  • 4. Providing a feedback mechanism is used for continuous process improvement, true or false?
    • A. True
    • B. False

  • 5. Which of the following is not included in the Risk Management Process?
    • A. Set Scope
    • B. Address Risk
    • C. Measure Performance
    • D. Quality Assurance

  • 6. [Blank] are negative events that occur when a vulnerability or weakness is exploited.
  • 7. Threat forecasting examines multiple information sources or sensors. Threat sensors may include:
    • A. Regulatory noncompliance
    • B. Technical Vulnerabilities
    • C. Program Reviews

  • 8. Risk assessments look at the ability of the information security program to identify and mitigate relevant strategic risk to information.
    • A. Strategic Assessment
    • B. Operational Assessment
    • C. Tactical Assessment

  • 9. Technical vulnerability assessments are an example of a specifically focused type of operational risk assessment, true or false?
    • A. True
    • B. False

  • 10. A risk assessment framework does not allow both organization of thought and recognition of relationships among this diverse collection of threats and vulnerabilities, true or false?
    • A. True
    • B. False

  • 11. Three attributes of Probability
    • A. Frequency
    • B. Velocity
    • C. Simplicity
    • D. Motive

  • 12. It is the impact that successful execution of the event would cause the organization.
  • 13. Risk may be transferred to someone with a higher risk tolerance, for example, an insurance company, true or false?
    • A. True
    • B. False

  • 14. [Blank] controls are controls that can weigh cost versus benefits.
    • A. Out of Control
    • B. Mandatory controls
    • C. Discretionary controls

  • 15. These are controls that must be implemented to mitigate specific risks.
    • A. Out of Control
    • B. Mandatory controls
    • C. Discretionary controls

  • 16. The treatment plan should be comprehensive and should document all necessary information about (tick at least three options):
    • A. Resource requirements
    • B. Performance measures
    • C. Reporting and monitoring requirements
    • D. Set up risk reduction

  • 17. An important responsibility of the action plan owner is to identify requirements and procure necessary resources to implement the plan, true or false?
    • A. True
    • B. False

  • 18. Program metrics typically do not measure process effectiveness, true or false?
    • A. True
    • B. False

  • 19. In Control Attributes, controls in this context may be seen to have two independent attributes, maturity and weight, true or false?
    • A. True
    • B. False

  • 20. A process-based approach is nonrepeatable, nondefensible, and non-extensible, offering metrics to optimize efficiency and effectiveness while reducing risk to an acceptable level, true or false?
    • A. True
    • B. False
