Which of the following BEST describes the role of management in implementing a risk management strategy?

Assess and incorporate the results of risk management into the decision-making process.

Ensure that the planning, budgeting and performance of information security components are appropriate.

Identify, evaluate and minimize risk to lT systems that support the mission of the enterprise.

Understand the risk management process so that appropriate training materials and programs can be developed.

Shortly after performing the annual review and revision of corporate policies, a risk practitioner becomes aware that a new law may affect security requirements for the human resources system. The risk practitioner should:

analyze what systems and technology-related processes may be impacted

notify the system custodian to implement changes

ensure necessary adjustments are implemented during the next review cycle

initiate an ad hoc revision of the corporate policy

Which of the following is the MOST important information to include in a risk management strategic plan?

Current state and desired future state

Risk management staffing requirements

Risk management mission statement

Risk mitigation investment plans

Which of the following can provide the BEST perspective of risk management to an enterprise's employees and stockholders?

An interdisciplinary team within the enterprise

A third-party risk assessment service provider

The enterprise's internal compliance department

An enterprise has outsourced personnel data processing to a supplier, and a regulatory violation occurs during processing. Who will be held legally responsible?

The enterprise, because it owns the data

The supplier, because it has the operational responsibility

The enterprise and the supplier

The supplier, because it did not comply with the contract

An enterprise is hiring a consultant to help determine the maturity level of the risk management program. The MOST important element of the request for proposal is the:

methodology used in the assessment

past experience of the engagement team

references from other enterprises

An enterprise has outsourced the majority of its IT department to a third party whose servers are in a foreign country. Which of the following is the MOST critical security consideration?

Laws and regulations of the country of origin may not be enforceable in the foreign country

A security breach notification may get delayed due to the time difference.

Additional network intrusion detection sensors should be installed, resulting in additional cost.

The enterprise could be unable to monitor compliance with its internal security and privacy guidelines.

Which of the following factors will have the GREATEST impact on the type of information security governance model that an enterprise adopts?

The type of technology that the enterprise uses

What is the MOST effective method to evaluate the potential impact of legal, regulatory and contractual requirements on business objectives?

A compliance-oriented business impact analysis

A compliance-oriented gap analysis

Interviews with business process stakeholders

A mapping of compliance requirements to policies and procedures

Which of the following approaches to corporate policy BEST supports an enterprise's expansion to other regions, where different local laws apply?

Local policies to accommodate laws within each region

A global policy without provisions that might be disputed at local levels

A global policy amended to comply with local laws

A global policy that complies with laws at enterprise headquarters

Which of the following BEST describes the risk-related roles and responsibilities of an organizational business unit (BU)? The BU management team:

owns the risk and is responsible for identifying, assessing and mitigating risk, and reporting to the appropriate support functions and the board of directors.

owns the mitigation plan for the risk belonging to its BU, while board members are responsible for identifying and assessing risk and reporting to the appropriate support functions.

carries out the respective risk-related responsibilities, but ultimate accountability for risk management and goal achievement belongs to the board of directors.

is ultimately accountable for risk management and goal achievement, and the board of directors owns the risk.

Which of the following would be the BEST approach for a global enterprise that is subject to regulation by multiple governmental jurisdictions with differing requirements?

Establishing a baseline standard incorporating the requirements all jurisdictions have in common

Bringing all locations into conformity with the aggregate requirements of all governmental jurisdictions

Bringing all locations into conformity with a generally accepted set of industry good practices

Establishing baseline standards for all locations and add supplemental standards as required

Which of the following BEST ensures the overall effectiveness of a risk management program?

Gaining the participation of relevant stakeholders

Obtaining feedback from all end users

Assigning a dedicated risk manager to run the program

Applying quantitative risk methodologies

Which of the following is the GREATEST risk of a policy that defines data and system ownership inadequately?

Specific user accountability cannot be established.

Audit recommendations may not be implemented.

Users may have unauthorized access to create, modify or delete data.

User management coordination does not exist.

Which of the following is the PRIMARY reason for subjecting the risk management process to review by independent risk auditors and assessors?

To ensure that the risk factors and risk profile are well-defined

To ensure that the risk results are consistent

To correct any mistakes in risk assessment

To validate the control weaknesses for management reporting

Which of the following approaches BEST helps an enterprise achieve risk-based organizational objectives?

Embed risk management activities into business processes

Ensure that asset owners perform annual risk assessments

Review and update the risk register regularly

Assign a steering committee to the risk management process

Which of the following is the GREATEST benefit of a risk-aware culture?

Issues are escalated when suspicious activity is noticed.

Controls are double-checked to anticipate any issues.

Individuals communicate with peers for knowledge sharing.

Employees are self-motivated to learn about costs and benefits.

Information security procedures should:

underline the importance of security governance.

describe security baselines for each platform.

be updated frequently as new software is released.

define the allowable limits of behavior.

A company has been improving its organizational security and compliance program since the last security review was conducted one year ago. What should the company do to evaluate its current risk profile?

Conduct follow-up audits in areas that were found deficient in the previous review.

Monitor the key risk indicators and use the results to develop targeted assessments.

Perform a new enterprise risk assessment using an independent expert.

Review previous findings and ensure that all issues have been resolved.

Risk Management Strategies

Authored by Shyama Prasad

Computers

Professional Development

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

27 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The PRIMARY focus of managing IT-related business risk is to protect:

information

hardware

applications

databases

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The MAIN objective of IT risk management is to:

prevent loss of IT assets.

provide timely management reports.

ensure regulatory compliance.

enable risk-aware business decisions.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Who is MOST likely responsible for data classification?

Data user

Data owner

Data custodian

System administrator

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

When assessing the capability of the risk management process, a regulatory body would place the GREATEST reliance on:

a peer review

an internal review

an external review

a process capability review

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Who MUST give final sign-off on the IT risk management plan?

IT auditors performing the risk assessment

Business process owners

Senior managers

IT security administrators

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is MOST important to determine when defining risk management strategies?

Risk assessment criteria

IT architecture complexity

Enterprise disaster recovery plan

Business objectives and operations

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Which of the following is MOST beneficial to improvement of an enterprise's risk management process?

Key risk indicators

External benchmarking

Latest risk assessment

A maturity model

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

22 questions

Wissensmanagement Quiz

Quiz

•

Professional Development

22 questions

CISSP Asset Quiz

Quiz

•

Professional Development

22 questions

OSPF Protocol

Quiz

•

University - Professi...

22 questions

Blockchain Basicss

Quiz

•

Professional Development

22 questions

Friki

Quiz

•

Professional Development

23 questions

Data Quality Quiz

Quiz

•

Professional Development

22 questions

Sec+ Day1 Security Concepts & Threat Types

Quiz

•

Professional Development

22 questions

Exam Questions NSE4_FGT-7.0 Fortinet NSE 4 - FortiOS 7.0

Quiz

•

Professional Development

Popular Resources on Wayground

10 questions

5.P.1.3 Distance/Time Graphs

Quiz

•

5th Grade

10 questions

Fire Drill

Quiz

•

2nd - 5th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

22 questions

School Wide Vocab Group 1 Master

Quiz

•

6th - 8th Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

20 questions

Inferences

Quiz

•

4th Grade

12 questions

What makes Nebraska's government unique?

Quiz

•

4th - 5th Grade

Discover more resources for Computers

16 questions

Parallel, Perpendicular, and Intersecting Lines

Quiz

•

KG - Professional Dev...

20 questions

NCAA Logo Quiz

Quiz

•

Professional Development

20 questions

Easter trivia

Quiz

•

12th Grade - Professi...

Risk Management Strategies

The PRIMARY focus of managing IT-related business risk is to protect:

The MAIN objective of IT risk management is to:

Who is MOST likely responsible for data classification?

When assessing the capability of the risk management process, a regulatory body would place the GREATEST reliance on:

Who MUST give final sign-off on the IT risk management plan?

Which of the following is MOST important to determine when defining risk management strategies?

Which of the following is MOST beneficial to improvement of an enterprise's risk management process?

Which of the following BEST describes the role of management in implementing a risk management strategy?

Which of the following roles is responsible for evaluating the effectiveness of existing internal information security controls within an enterprise?

Shortly after performing the annual review and revision of corporate policies, a risk practitioner becomes aware that a new law may affect security requirements for the human resources system. The risk practitioner should:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Computers