Which of the following processes is described in the statement below? "It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."
Correct Answer: D,E
is incorrect. Risk response is the process of deciding what measures should be taken to reduce threats and take advantage of the opportunities discovered during the risk analysis processes. This process also includes assigning departments or individual staff members the responsibility for carrying out the risk response plans; these people are known as risk owners. The prioritization of the risk responses and the development of the risk response plan are based on the following parameters: the cost of the response to reduce risk within tolerance levels, the importance of the risk, the capability to implement the response, and the effectiveness and efficiency of the response. A risk prioritization strategy is used to create a risk response plan and implementation schedule because not all risks can be addressed at the same time. It may take a considerable investment of time and resources to address all the risks identified in the risk analysis process. Risks with a greater likelihood and impact on the enterprise will be prioritized above other risks that are considered less likely or expected to have less impact.
Answer: A is incorrect. Risk governance is a systemic approach to the decision-making processes associated with natural and technological risks. It is based on the principles of cooperation, participation, mitigation and sustainability, and is adopted to achieve more effective risk management. It seeks to reduce risk exposure and vulnerability by filling gaps in risk policy, in order to avoid or reduce the human and economic costs caused by disasters. Risk governance is a continuous life cycle that requires regular reporting and ongoing review. The risk governance function must oversee the operations of the risk management team.
Answer: B is incorrect. The International Risk Governance Council (IRGC) is a self-governing organization whose purpose is to facilitate the understanding and management of the rising overall risks that have impacts on the economy and society, human health and safety, and the environment at large. IRGC's effort is to build and develop concepts of risk governance, anticipate major risk issues, and present risk governance policy recommendations to key decision makers. IRGC mainly emphasizes emerging, universal risks for which governance deficits exist. Its goal is to present recommendations for how policy makers can correct them. IRGC aims at constructing strong, integrative, interdisciplinary governance models for upcoming and existing risks.
Question 292
Sensitive data has been lost after an employee inadvertently removed a file from the premises, in violation of organizational policy. Which of the following controls MOST likely failed?
Correct Answer: B
Section: Volume D
Question 293
Which of the following BEST ensures that a firewall is configured in compliance with an enterprise's security policy?
Correct Answer: D
Section: Volume A
Explanation: A review of the parameter settings will provide a good basis for comparing the actual configuration to the security policy and will provide reliable audit evidence documentation.
Incorrect Answers:
A: While interviewing the firewall administrator may provide a good process overview, it does not reliably confirm that the firewall configuration complies with the enterprise's security policy.
B: While procedures may provide a good understanding of how the firewall is supposed to be managed, they do not reliably confirm that the firewall configuration complies with the enterprise's security policy.
C: While reviewing the device's log file for recent attacks may provide indirect evidence that logging is enabled, it does not reliably confirm that the firewall configuration complies with the enterprise's security policy.
Question 294
A vulnerability assessment of a vendor-supplied solution has revealed that the software is susceptible to cross-site scripting and SQL injection attacks. Which of the following will BEST mitigate this issue?
Correct Answer: B
Question 295
Where are all risks and risk responses documented as the project progresses?
Correct Answer: D,E
is incorrect. The risk management plan addresses the project management's approach to risk management, risk identification, analysis, response, and control.
Answer: C is incorrect. The risk response plan only addresses the planned risk responses for the identified risk events in the risk register.
Answer: B is incorrect. The project management plan is the overarching plan for the project, not the specifics of the risk responses and risk identification.