Prior audit reports

Risk assessment reports

Regulatory requirements

All the above

Installation of surveillance cameras with warning signs about filming.

Automatic backup of data to restore it in case of loss.

Installing anti-virus software to detect malware.

Regularly testing the system for vulnerabilities to eliminate them.

Residual risk = Gross risk – risks covered by the implemented control

Residual risk = Net risk - risks covered by the implemented control

Residual risk = Gross risk – net risk

Residual risk = Net risk – Gross risk

SoD

Requirements for roll-back plans

Emergency change management

All the above

Data integrity principles

Checksums

Checkdigits

Limit checks

The level of risk that an organization is willing to accept in pursuit of its objectives.

A detailed process of identifying and mitigating all risks within an organization.

The minimum level of risk that an organization is legally required to avoid.

The set of policies used to eliminate all potential risks to the organization.

Something you know

Something you have

Something you are

None of the above