Chapter 4 Assessment Flashcards
Risk management is responding to a negative
event when it occurs.
True
With respect to IT security, a risk can result in
either a positive or a negative effect.
True
According to PMI, which term describes the list of
identified risks?
Risk register
What is the primary purpose of a business impact
analysis (BIA)?
All of the above:
A. To identify, categorize, and prioritize mission
critical business functions
B. To provide a road map for business continuity
and disaster recovery planning
C. To assist organizations with risk management
D. To assist organizations with incident response
planning
Which of the following terms defines the amount
of time it takes to recover a production IT system,
application, and access to data?
Recovery time objective
The recovery point objective (RPO) defines the
last point in time for _______ recovery that can be
enabled back into production.
Data
Which of the following solutions are used for
authenticating a user to gain access to systems,
applications, and data?
All of the above: A. Passwords and PINs B. Smart cards and tokens C. Biometric devices D. Digital certificates
Which risk management approach requires a distributed
approach with business units working
with the IT organization?
OCTAVE
The NIST SP800-30 standard is a _______________
management framework standard for performing
risk management.
Risk
Which term indicates the maximum amount of
data loss over a time period?
RPO
Organizations that permit their employees to use
their own laptops or smartphone devices and
connect to the IT infrastructure describe a policy
referred to as:
BYOD
Which of the following are organizational concerns for BYOD and mobility?
None of the above
_______ is the U.S. security-related act that governs
regulated health care information.
HIPAA
Which U.S. security-related act governs the security of data specifically for the financial industry?
GLBA
Which of the following business drivers are impacting businesses’ and organizations’ security
requirements and implementations?
All of the above: A. Mobility B. Regulatory compliance C. Productivity enhancements D. Always-on connectivity