Risk Mgmt

Question 1

data classification mechanism objective

Answer 1

cost reduction more than security

Question 2

data purging responsibility

Answer 2

data owner.. more functional role than security

Question 3

COBIT provides

Answer 3

Control objectives
Control Practices
Goal indicators
Performance indicators
success factors
Maturity Models

Question 4

Delayed loss risk

Answer 4

Employee Productivity

Question 5

Qualitative risk analysis

Answer 5

Threat modeling

Question 6

Standards

Answer 6

Rules on how to accomplish policy objectives

Question 7

Risk Analysis is related to

Answer 7

uncertainty analysis.

Question 8

BC & DR provides

Answer 8

compensating control

Question 9

Policy developement Lifecycle

Answer 9

initiation, evaluation, development, approval, publication, implementation, maintenance

Question 10

If data is going to be used by more people

Answer 10

it should be more securely controlled.

Question 11

To classify the data, data owner should evaluate

Answer 11

CIA requirements

Question 12

effective security program needs balanced

Answer 12

technical and non technical methods

Question 13

Truly quantitative risk analysis is not possible because

Answer 13

quantitative measures must be applied to qualitative elements

Question 14

technical focused policies

Answer 14

system specific

Question 15

key for any project such as risk analysis

Answer 15

project sizing, scope

Question 16

SABSA - Sherwood Applied Business Security Arch

Answer 16

6 layers for more focus and preciseness. Each layer represents different view of organization

Question 17

Identifying failures in complex environments

Answer 17

Fault Tree analysis

Question 18

Common methods to test security level of an environment

Answer 18

Wardialing
Log review
Password cracking
Penetration testing
Vulnerability testing
network mapping