Quiz on Information Security Risk Management

Only financial losses

Possible events that could disrupt an organization

Only harm to reputation

Only failures in information systems

The marketing team

The information security professional

The finance department

The IT department

Implementing security controls

Identifying potential threats

Transferring risk

Calculating financial losses

Statistical modeling

Subjective evaluation of threats

Decision tree analysis

Simulations

Ignoring vulnerabilities

Accepting the risk as is

Addressing the root cause of a vulnerability

Transferring risk to another party

Information that is publicly available

Information that is encrypted

Information that can identify an individual

Information that is only used internally

Accept risk

Mitigate risk

Transfer risk

Avoid risk

To focus solely on financial risks

To eliminate all risks

To provide a lifecycle model for managing risks

To increase the number of risks

A potential vulnerability

A risk assessment method

A security control

A situation that can cause harm

Deciding to ignore the risk

Transferring the risk to another party

Choosing not to engage in risky behavior

Acknowledging the risk and not taking action