To identify, analyze, and evaluate potential risks to the organization's information systems and data.

To increase the speed of internet connection

To provide training for employees

To improve customer service

Access control, encryption, and intrusion detection systems

Password protection, data backup, and software updates

Biometric authentication, physical barriers, and security cameras

Firewall, antivirus, and spam filter

It helps in identifying, containing, and mitigating the impact of security incidents, reducing the overall risk to the organization.

It is not necessary in cyber risk management

It has no impact on reducing security incidents

It only increases the overall risk to the organization

Not having any policies or procedures

Following only industry standards

Adherence to laws, regulations, industry standards, policies, and procedures

Ignoring all laws and regulations

By waiting for a cyber attack to occur before taking action

By analyzing vulnerabilities and potential impacts of assets and systems.

By ignoring potential threats and vulnerabilities

By randomly selecting assets and systems to protect

Security controls only work for physical security, not cyber security

Security controls have no impact on mitigating cyber risks

Security controls increase cyber risks by creating more complexity in the system

Security controls help in mitigating cyber risks by implementing measures such as firewalls, encryption, access controls, and intrusion detection systems.

Preparation, Recovery, Analysis, Post-Incident Activity

Detection, Containment, Eradication, Preparation

Preparation, Detection and Analysis, Containment, Eradication, Recovery, Post-Incident Activity

Prevention, Analysis, Recovery, Post-Incident Activity