The maturity of an IT risk management program is MOST influenced by:

• A.industry-specific regulatory requirements
• B.the organization's risk culture
• C.benchmarking results against similar organizations
• D.expertise available within the IT department

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY reason to have the risk management process reviewed by a third party?

• A.Obtain an objective view of process gaps and systemic errors.
• B.Obtain objective assessment of the control environment.
• C.Validate the threat management process.
• D.Ensure the risk profile is defined and communicated.

Comment: *

Name: *

Email: *

Verification: *

A risk heat map is MOST commonly used as part of an IT risk analysis to facilitate risk:

• A.treatment
• B.identification
• C.communication
• D.assessment

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be an element of the risk appetite of an organization?

• A.The effectiveness of compensating controls
• B.The amount of inherent risk considered appropriate
• C.The residual risk affected by preventive controls
• D.The enterprise's capacity to absorb loss

Comment: *

Name: *

Email: *

Verification: *

The MAIN reason for creating and maintaining a risk register is to:

• A.account for identified key risk factors.
• B.ensure assets have low residual risk.
• C.define the risk assessment methodology.
• D.assess effectiveness of different projects.

Comment: *

Name: *

Email: *

Verification: *