03. Risk Monitoring and Reporting Flashcards

1
Q

Risk Monitoring and Reporting

The process of ongoing activities, including control effectiveness assessments and risk assessments, used to observe changes in risk

A

Risk Monitoring

189

2
Q

Risk Monitoring and Reporting

Security Managers perform risk monitoring to report…

A

risk levels to executive management and identify unexpected changes in risk levels

189

3
Q

Risk Monitoring and Reporting

Typical activities that contribute to risk monitoring

A
  1. Internal audits
  2. Control self-assessments
  3. Vulnerability assessments
  4. Risk assessments

189

4
Q

Risk Monitoring and Reporting

The audience of risk monitoring reports is executive management. Information security managers should describe risks as they pertain to…

A

business impacts and opportunities

Executive management does not want technical detail; they assume that you and the security team are the technical experts in your field.

189

5
Q

Key Risk Indicators

A measure of information risk used to reveal trends related to levels of risk of security incidents in the organisation

A

Key Risk Indicators
(KRI)

Security metrics designed to serve as early indicators of rising or falling risk

189

6
Q

Key Risk Indicators

The percentage of vulnerabilities in systems supporting revenue operations that are remediated in less than 30 days is a good example of a KRI presented in a manner that…

A

Executive management can relate to

190

7
Q

Key Risk Indicators

A KRI that communicates increases or decreases in the probability of future security incidents and events is a…

A

leading indicator

190
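The three KRI cards above (the definition, the "remediated in less than 30 days" example, and the leading-indicator card) are easier to apply with a concrete calculation. The following Python is an added worked example, not code from the flashcards or from the textbook they summarise. It assumes a constructed list of vulnerability findings with a `supports_revenue` asset tag (an assumption: real data would come from the vulnerability scanner and the asset inventory), groups findings into a reporting period by the date their 30-day deadline falls, so that a finding whose deadline has not yet elapsed is neither a pass nor a fail, and then reads the month-over-month series as a leading indicator: a falling remediation rate signals rising risk before incidents actually occur. The 5-point tolerance used to call a trend "stable" is likewise an assumed threshold.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

SLA_DAYS = 30  # the KRI on the card: "remediated in less than 30 days"


@dataclass(frozen=True)
class Vulnerability:
    vuln_id: str
    asset: str
    supports_revenue: bool      # assumed inventory tag: asset supports revenue operations
    discovered: date
    remediated: Optional[date]  # None while the finding is still open


def sla_deadline(v: Vulnerability, sla_days: int = SLA_DAYS) -> date:
    """Date by which the finding had to be fixed to meet the KRI target."""
    return v.discovered + timedelta(days=sla_days)


def remediated_within_sla(v: Vulnerability, sla_days: int = SLA_DAYS) -> bool:
    """Strictly less than sla_days: a fix landing on day 30 misses a 'less than 30 days' target."""
    return v.remediated is not None and (v.remediated - v.discovered).days < sla_days


def remediation_kri(vulns: List[Vulnerability], period_start: date, period_end: date,
                    sla_days: int = SLA_DAYS) -> Optional[float]:
    """Percentage of revenue-scope findings whose SLA deadline fell in the period and were fixed in time.

    Cohorting by deadline (not by discovery or fix date) avoids two common distortions:
    a finding discovered last week cannot be counted as a success or a failure yet, and a
    finding fixed late still counts against the month in which it became overdue.
    Returns None when no deadlines fell in the period, so callers can distinguish
    'no data' from '0% remediated'.
    """
    cohort = [v for v in vulns
              if v.supports_revenue and period_start <= sla_deadline(v, sla_days) <= period_end]
    if not cohort:
        return None
    met = sum(1 for v in cohort if remediated_within_sla(v, sla_days))
    return round(100.0 * met / len(cohort), 1)


Period = Tuple[str, date, date]


def kri_series(vulns: List[Vulnerability], periods: List[Period],
               sla_days: int = SLA_DAYS) -> List[Tuple[str, Optional[float]]]:
    """Evaluate the KRI for each reporting period, in order."""
    return [(label, remediation_kri(vulns, start, end, sla_days)) for label, start, end in periods]


def trend_direction(series: List[Tuple[str, Optional[float]]], tolerance: float = 5.0) -> str:
    """Read the KRI as a leading indicator: a falling remediation rate means rising risk of incidents."""
    values = [v for _, v in series if v is not None]
    if len(values) < 2:
        return "insufficient data"
    delta = values[-1] - values[0]
    if delta < -tolerance:
        return "rising risk"
    if delta > tolerance:
        return "falling risk"
    return "stable"


# Constructed sample findings (2024 is a leap year, which matters for February deadlines).
SAMPLE_VULNS = [
    Vulnerability("V-1", "billing-api", True, date(2024, 2, 1), date(2024, 2, 15)),   # 14 days: met
    Vulnerability("V-2", "billing-db", True, date(2024, 2, 10), date(2024, 3, 20)),   # 39 days: missed
    Vulnerability("V-3", "intranet-wiki", False, date(2024, 2, 5), None),             # out of scope
    Vulnerability("V-9", "checkout-web", True, date(2024, 3, 1), date(2024, 3, 28)),  # 27 days: met
    Vulnerability("V-4", "payments-gw", True, date(2024, 3, 5), None),                # still open: missed
    Vulnerability("V-5", "billing-api", True, date(2024, 3, 20), date(2024, 4, 25)),  # 36 days: missed
    Vulnerability("V-10", "checkout-web", True, date(2024, 3, 12), date(2024, 4, 10)),  # 29 days: met
    Vulnerability("V-6", "payments-gw", True, date(2024, 4, 10), date(2024, 4, 12)),  # 2 days: met
    Vulnerability("V-7", "billing-db", True, date(2024, 4, 25), None),                # still open: missed
    Vulnerability("V-11", "checkout-web", True, date(2024, 4, 20), date(2024, 5, 20)),  # exactly 30: missed
    Vulnerability("V-8", "billing-api", True, date(2024, 5, 15), None),               # deadline in June
]

REPORTING_PERIODS: List[Period] = [
    ("2024-03", date(2024, 3, 1), date(2024, 3, 31)),
    ("2024-04", date(2024, 4, 1), date(2024, 4, 30)),
    ("2024-05", date(2024, 5, 1), date(2024, 5, 31)),
]

if __name__ == "__main__":
    series = kri_series(SAMPLE_VULNS, REPORTING_PERIODS)
    for label, value in series:
        print(f"{label}: {'n/a' if value is None else f'{value}% remediated within {SLA_DAYS} days'}")
    print("Leading indicator:", trend_direction(series))
```

Note that V-6 was fixed in two days but is credited to May, not April, because its deadline falls in May; and V-11, fixed on exactly day 30, is a miss. Both are the kind of boundary decisions that should be written into the "procedures and methods for metrics and KRIs" documentation so that the figure reported to executives is computed the same way every period.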

8
Q

Training and Awareness

Information on safe computing, security policy, security procedures and workers' security-related responsibilities can be imparted to all workers in the organisation through a…

A

Security awareness program

190

9
Q

Risk documentation

A purpose behind documenting business processes is so that they can be…

A

performed consistently and correctly

190

10
Q

Risk Documentation

An organisation's risk management program should be fully documented to include…

A
  1. Policy and Objectives
  2. Roles and Responsibilities
  3. Methods and Techniques
  4. Locations for data storage and archives
  5. Risk tolerance
  6. Business rules relating to the risk register
  7. Risk treatment
  8. Procedures and methods for metrics and KRIs
  9. Communication and escalation protocols
  10. Review cycle

191
