
Class Test

This document contains 15 multiple choice questions about risk management for an IT infrastructure. The questions cover topics such as risk monitoring techniques, how risk mitigation impacts change control and vulnerability management, the goal of risk assessments, defining security baselines, defining recovery time objectives, assessing risk impacts, primary focus areas of risk assessment/management, factors for internal control policies, implementing risk management in a business, the goal of risk identification, sub-goals of risk identification, and defining liability risk.

Uploaded by noor gurib

Risk Management
Instructions
• Write the question number next to each answer in your answer booklet.
• You are not required to rewrite the question in your answer booklet.
• Read each question carefully before you start to answer it.
• Use the full time permitted and check all your answers.
• Notes or books are not permitted.
• Answer all questions.

Each question is worth 2.5 marks.

1. For risk monitoring, what techniques or tools can you implement within
each of the seven domains of a typical IT infrastructure to help mitigate
risk?
2. How does risk mitigation impact change control management and
vulnerability management?
3. What is the goal or objective of an IT risk assessment?
4. What is a security baseline definition?
5. If an organization under a compliance law is not in compliance, how critical
is it for your organization to mitigate this non-compliance risk element?
6. How do risk management and risk assessment relate to a business
impact analysis for an IT infrastructure?
7. What is the definition of Recovery Time Objective (RTO)? Why is this
important to define in an IT Security Policy Definition as part of the
Business Impact Analysis (BIA) or Business Continuity Plan (BCP)?

8. What must you explain to executive management when defining RTO and
RPO objectives for the BIA?
9. When assessing the risk impact a threat or vulnerability has on your
“information” assets, why must you align this assessment with your Data
Classification Standard? How can a Data Classification Standard help you
assess the risk impact on your “information” assets?
10. Which three of the seven focus areas pertaining to IT risk management are
primary focus areas of risk assessment and risk management and directly
relate to information systems security?
11. Describe five factors that should be considered when determining internal
control policies.
12. Explain ten ways in which to implement risk management within a
business.
13. Outline the goal of risk identification.
14. Describe nine sub-goals that must be satisfied in order for the risk
identification process to be complete.
15. Discuss what is meant by liability risk.
