Which of the following is the PRIMARY objective of providing an aggregated view of IT risk to business management?

• A.To enable consistent data on risk to be obtained
• B.To identify dependencies for reporting risk
• C.To provide consistent and clear terminology
• D.To allow for proper review of risk tolerance

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be of GREATEST concern to a risk practitioner reviewing current key risk indicators (KRIs)?

• A.The KRIs' source data lacks integrity.
• B.The KRIs are not quantitative.
• C.The KRIs do not allow for trend analysis.
• D.The KRIs are not automated.

Comment: *

Name: *

Email: *

Verification: *

Which of the following assets are the examples of intangible assets of an enterprise?
Each correct answer represents a complete solution. Choose two.

• A.Customer trust
• B.Information
• C.People
• D.Infrastructure

Comment: *

Name: *

Email: *

Verification: *

An organization has received notification that it is a potential victim of a cybercrime that may have compromised sensitive customer data. What should be The FIRST course of action?

• A.Invoke the incident response plan.
• B.Determine the business impact.
• C.Invoke the business continuity plan (BCP).
• D.Conduct a forensic investigation.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY objective for requiring an independent review of an organizations IT risk management process should be to:

• A.ensure IT risk management is focused on mitigating potential risk.
• B.confirm that IT risk assessment results are expressed as business impact.
• C.assess gaps in IT risk management operations and strategic focus.
• D.verify implemented controls to reduce the likelihood of threat materialization.

Comment: *

Name: *

Email: *

Verification: *