BSIT 3-2: IAS - Final Quiz - 7-19-2023

True

False

The risk factor over which the organization has the most control

Impossible to accurately assess by an outside consultant

The risk factor that is most expensive to correct

The only risk factor that can be influenced by the organization

Limit their strategy to using proven security measures only

Assess all possible threats to the organization

Apply a protection strategy that employs a suite of solutions

Ensure that management is aware of existing vulnerabilities

Risk Assessment

Identifying vulnerabilities

Classifying and prioritizing information assets

Asset Identification and Inventory

Developing risk control strategies

Quantifying the risks facing each asset

Presenting periodic reports to management

Implementing security measures for all information assets

It ensures that risk control strategies are effectively implemented

It allows for efficient allocation of budget for risk management

It eliminates the need for representatives from different departments in the team

It helps establish a systematic and well-organized approach to risk identification

To identify and document potential risks and vulnerabilities

To prioritize information assets based on their value

To quantify the potential impact of risks on the organization

To classify organizational assets based on their level of sensitivity

To establish the overall effectiveness of security technologies in the organization

To assign a numerical value to the likelihood of successful attacks

To determine the absolute risk level of an information asset

To create a comprehensive list of potential controls for each vulnerability

Using a scale from 0.1 to 1.0

Using a scale from 1 to 100

Using a scale from 0 to 10

Using a scale from low to high

The total risk of all identified vulnerabilities

The initial risk level before applying any controls

The risk that remains after implementing controls

The risk associated with unknown threats