DSM1244(5) ESRM LIFECYCLE

According to ISO, which is the most valued asset?

Which best defines asset?

The first step in the ESRM cycle is to identify assets.

Risk managers must be casual in asset discovery and investigation.

Risk managers cannot understand risks before understanding the assets that need protection.

Relationships built in company does not help in asset investigation.

An asset can only be owned by one person.

Stakeholders does not mean asset owner.

A building is a physical asset.

If an asset is compromised, the impact will cascade to business operations because assets are interdependent.

All types of assets are equally important to all departments due to same exposure and impact.

Which does not refer to assets identification?

Tangible assets are valued quantitatively.

Failure to deliver replacement equipment on time disrupts business operations.

Valuing tangible assets are harder than intangible assets.

Intangible asset valuation is through economic substitution.

The outcome of the asset valuation process is a figure.

Which is not considered in valuing intangible assets?

Which is not a risk prioritisation conflict?

Which does NOT refer to risk identification?

Which does NOT refer to risk identification investigation?

Risk assessment is only limited to security department.

Some risk assessments are simple and straightforward.

All risks are visible and obvious.

Which is NOT a risk mitigation conflict?

Which does NOT refer to risk mitigation?

Which is NOT a risk mitigation plan?

Only asset owner and risk stakeholder has final decision on treating security risk.

Conflicts are always avoidable.

Which does NOT refer to risk treatement?

Which does NOT refer to root cause analysis?

Which does not refer to root cause analysis?

Which does NOT refer to ongoing risk assessment?