The cost of implementing a security control should not exceed the:

• A.annualized loss expectancy.
• B.cost of an incident.
• C.asset value.
• D.implementation opportunity costs.

Comment: *

Name: *

Email: *

Verification: *

An information security team has been tasked with identifying confidential data within the organization to formalize its asset classification scheme. The MOST relevant input would be provided by:

• A.business process owners.
• B.database administrators (DBAs).
• C.the chief information officer (CIO),
• D.the legal department.

Comment: *

Name: *

Email: *

Verification: *

When performing a quantitative risk analysis, which of the following is MOST important to estimate the potential loss?

• A.Evaluate productivity losses
• B.Assess the impact of confidential data disclosure
• C.Calculate the value of the information or asset
• D.Measure the probability of occurrence of each threat

Comment: *

Name: *

Email: *

Verification: *

In an organization implementing a data classification program, ultimate responsibility for the data on the database server lies with the:

• A.information security manager
• B.business unit manager.
• C.database administrator (DBA).
• D.information technology manager

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to consider when prioritizing threats during the risk assessment process?

• A.The severity of exploited vulnerabilities
• B.The criticality of threatened systems
• C.The potential impact on operations
• D.The capability of threat actors

Comment: *

Name: *

Email: *

Verification: *