Governance

Question 1

Risk Profile

Answer 1

Is based on the aggregate risk to the enterprise, including historical risk, critical risk, and emerging risk.

Question 2

Owner of Risk Treatment

Answer 2

Senior management owns the risk treatment decisions

Question 3

Risk Treament Plan Owner

Answer 3

Owns the Risk Treatment Plan and the monitoring of the plan

Question 4

First Line Of Defense

Answer 4

Operational Managers (business owners), Are responsible for managing risk. They are responsible for implementing corrective action.

Question 5

Relevance Risk

Answer 5

Composite form of risk requiring both Integrity and Availability risk. Could create access risk.

Question 6

3 Lines Of Defense

Answer 6

1st Line is Operations Functions
2nd Line is compliance, ethics, risk management.
3rd Line is internal auditing, independent verification.

Question 7

Most Effective at Managing and Executing Risk Management

Answer 7

Mid Level Management

Question 8

Primary Goal of Risk Management Process

Answer 8

Is to protect the enterprise and its ability to perform its mission.

Question 9

Best supports effort to successfully deliver to business requirements

Answer 9

Internal control system or FRAMEWORK.

Question 10

Most concern for a security practitioner is

Answer 10

Not reporting successful attack. This is called abetting and worse than not periodically checking permissions.