IS3110 CHAP 4 Flashcards
What are valid contents of a risk management plan?
- Objectives
- Scopes
- Recommendations
- POAM
- All the above
All the above: Objectives, Scopes, Recommendations, POAM
What should be included in the objectives of a risk management plan?
- A list of threats
- A list of vulnerabilities
- Costs associated with risks
- Cost-benefit analysis
- All the above
All the above: A list of threats, A list of vulnerabilities, Costs associated with risks, Cost-benefit analysis
What will the scope of a risk management plan define?
- Objectives
- POAM
- Recommendations
- Boundaries
Boundaries
What problem can occur if the scope of a risk management plan is not defined?
- Excess boundaries
- Stakeholder loss
- Scope creep
- SSCP
Scope creep
What is a stakeholder?
- A mark that identifies critical steps
- An individual or group that has an interest in the project
- A critical process or procedure
- Another name for the risk management plan project manager
An individual or group that has an interest in the project
A key stakeholder should have authority to make decisions about a project. This includes authority to provide additional resources.
TRUE OR FALSE
TRUE
A risk management plan project manager oversees the entire plan. What is the project manager responsible for? (Select two)
- Ensuring costs are controlled
- Ensuring the project stays on schedule
- Ensuring stakeholders have adequate funds
- Ensuring recommendations are adopted
Ensuring costs are controlled
Ensuring the project stays on schedule
A risk management plan includes steps to mitigate risks. Who is responsible for choosing what steps to implement?
- The project manager
- Management
- Risk management team
- The POAM manager
Management
A risk management plan includes a list of findings in a report. The findings identify threats and vulnerabilities. What type of diagram can document some of the findings?
- Gantt chart
- Critical path chart
- POAM diagram
- Cause and effect diagram
POAM diagram
What elements should be included in the findings of the risk management report?
- Causes, criteria, and effects
- Threats, causes, and effects
- Criteria, vulnerabilities, and effects
- Causes, criteria, and milestones
Causes, criteria, and effects
What is a primary tool used to identify the financial significance of a mitigation tool?
- Ishikawa diagram
- Fishbone diagram
- CBA
- POAM
CBA
A fishbone diagram can link causes with effects.
TRUE OR FALSE
TRUE
You present management with recommendations from a risk management plan. What can management choose to do?
- Accept or reject the recommendations
- Adjust, defer, or modify the recommendations
- Accept, defer, or modify the recommendations
- Allow or deny the recommendations
Accept, defer, or modify the recommendations
What is a POAM?
- Project objectives and milestones
- Planned objectives and milestones
- Project of action milestone
- Plan of action and milestones
Plan of action and milestones
A POAM is used to track the progress of a project. What type of chart is commonly used to assist with tracking?
- Fishbone chart
- Cause and effect chart
- GANTT chart
- POAM chart
GANTT chart
A method used to create lists of threats, vulnerabilities, or response plans. It starts with a large topic such as a problem statement. It then narrows the problem to individual sources.
Affinity diagram
A creative method used to generate a large number of ideas on a topic. Participants are encouraged to mention any idea that comes to mind. Ideas are recorded without judgements.
Brainstorming
AKA ISHIKAWA diagram or FISHBONE diagram. It is used to show the relationships between causes and problems.
Cause and effect diagram
A chart of critical tasks in a project. If any task in the critical path is delayed, the entire project will be delayed.
Critical path chart
Filters traffic; rules are configured to define what traffic is allowed and what traffic is blocked. A network system is a combination of hardware and software. Individual systems can include a single software-based filter.
Firewall
A self-contained solution. It includes hardware and software to provide security protection for a network.
Firewall appliance
A document that identifies what traffic to allow or block. A firewall policy is often used to implement rules.
Firewall policy
A bar chart used to show a project schedule. This is commonly used in project management and can be used in risk management plans.
Gantt chart
A scheduled event for a project. It indicates the completion of a major task or group of tasks. They are used to track the progress of a project.
Milestone
A graphical representation of major milestones. It shows the time relationship of milestones to each other. It also shows dependencies, if any.
Milestone Plan Chart
A document used to track activities in a risk management plan. A POAM assigns responsibility for specific tasks. It also makes it easier for management to follow up on the tasks.
Plan of action and milestones (POAM)
A statement used to summarize a risk. They often use an “if/then” format. The “if” part of the statement identifies the elements of the risk. The “then” portion of the statement identifies the result.
Risk statement
The boundaries of a risk management plan. It defines what the plan should cover. Defining the scope helps prevent scope creep.
Scope
A problem with projects resulting from uncontrolled changes. It should be avoided and can result in cost overruns and missed deadlines.
Scope creep
An individual or group that has a stake, or interest, in the success of a project. They have some authority over the project. Additionally, they can provide resources for the project.
Stakeholder