BCIS 4740_M4 Assessment (Governance, Risk, and Compliance)

Separation of duties helps to prevent an individual from embezzling money from a company. To embezzle funds successfully, an individual would need to recruit others to commit an act of (an agreement between two or more parties established for the purpose of committing deception or fraud).

If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then what is the ALE?

Which of the following strategies involves identifying a risk and making the decision to discontinue engaging in the action?

The board of directors of Kate’s company recently hired an independent firm to review the state of the organization’s security controls and certify those results to the board. What term best describes this engagement?

The risk assessment component, in conjunction with the , provides the organization with an accurate picture of the situation facing it.

Which of the following strategies necessitates an identified risk that those involved understand the potential cost/damage and agree to live with it?

Under the European Union’s GDPR, what term is assigned to the individual who leads an organization’s privacy efforts?

Asa believes that her organization is taking data collected from customers for technical support and using it for marketing without their permission. What principle is most likely being violated?

What is the term used for events that were mistakenly flagged although they weren’t truly events about which to be concerned?

Please refer to the following scenario: • Grace recently completed a risk assessment of her organization’s exposure to data breaches and determined that there is a high level of risk related to the loss of sensitive personal information. She is considering a variety of approaches to managing this risk. Grace’s first idea is to add a web application firewall to protect her organization against SQL injection attacks. What risk management strategy does this approach adopt?

  Risk acceptance