Lot 5

Question 1

A subset of risk indicators that are highly relevant and

possess a high probability of predicting or indicating important risk

Answer 1

Key risk indicator (KRI) -

Question 2

The principle of allowing users or applications the least amount of
permissions necessary to perform their intended function

Answer 2

Least privilege -

Question 3

A means of restricting access to data based on
varying degrees of security requirements for information contained in the objects and the
corresponding security clearance of users or programs acting on their behalf

Answer 3

Mandatory access control (MAC) -

Question 4

Maximum time the organization can support

processing in alternate mode

Answer 4

Maximum tolerable outage (MTO) -

Question 5

Overall intention and direction as formally expressed by management

Answer 5

Policy -

Question 6

A document containing a detailed description of the steps necessary to
perform specific operations in conformance with applicable standards. Procedures are
defined as part of processes.

Answer 6

Procedure -

Question 7

The remaining risk after management has implemented risk response

Answer 7

Residual risk -

Question 8

A measure of operating performance and efficiency,
computed in its simplest form by dividing net income by the total investment over the
period being considered

Answer 8

Return on investment (ROI) -

Question 9

An estimate of return on security investment

based on how much will be saved by reduced losses divided by the investment

Answer 9

Return on security investment (ROSI) -

Question 10

The combination of the probability of an event and its consequence. (ISO/IEC 73).
Risk has traditionally been expressed as Threats x Vulnerabilities = Risk

Answer 10

Risk -