Which of the following would BEST assist in reconstructing the sequence of events following a security incident across multiple IT systems in the organization's network?

• A.Centralized log management
• B.Centralized vulnerability management
• C.Incident management process
• D.Network monitoring infrastructure

Comment: *

Name: *

Email: *

Verification: *

Who is accountable for risk treatment?

• A.Enterprise risk management team
• B.Business process owner
• C.Risk mitigation manager
• D.Risk owner

Comment: *

Name: *

Email: *

Verification: *

Which of the following processes is described in the statement below?
"It is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions."

• A.Risk governance
• B.Risk identification
• C.Risk response planning
• D.Risk communication
• E.Explanation:
  Risk communication is the process of exchanging information and views about risks among stakeholders, such as groups, individuals, and institutions. Risk communication is mostly concerned with the nature of risk or expressing concerns, views, or reactions to risk managers or institutional bodies for risk management. The key plan to consider and communicate risk is to categorize and impose priorities, and acquire suitable measures to reduce risks. It is important throughout any crisis to put across multifaceted information in a simple and clear manner. Risk communication helps in switching or allocating the information concerning risk among the decision-maker and the stakeholders. Risk communication can be explained more clearly with the help of the following definitions: It defines the issue of what a group does, not just what it says. It must take into account the valuable element in user's perceptions of risk. It will be more valuable if it is thought of as conversation, not instruction.
  Risk communication is a fundamental and continuing element of the risk analysis exercise, and the involvement of the stakeholder group is from the beginning. It makes the stakeholders conscious of the process at each phase of the risk assessment. It helps to guarantee that the restrictions, outcomes, consequence, logic, and risk assessment are undoubtedly understood by all the stakeholders.

Comment: *

Name: *

Email: *

Verification: *

A risk practitioners PRIMARY focus when validating a risk response action plan should be that risk response:

• A.quantifies risk impact
• B.advances business objectives.
• C.reduces risk to an acceptable level
• D.aligns with business strategy

Comment: *

Name: *

Email: *

Verification: *

Which of the following come under the phases of risk identification and evaluation?
Each correct answer represents a complete solution. Choose three.

• A.Maintain a risk profile
• B.Collecting data
• C.Analyzing risk
• D.Applying controls
• E.Explanation:
  Risk identification is the process of determining which risks may affect the project. It also
  documents risks' characteristics.
  Following are high-level phases that are involved in risk identification and evaluation:
  Collecting data- Involves collecting data on the business environment, types of events, risk
  categories, risk scenarios, etc., to identify relevant data to enable effective risk identification,
  analysis and reporting.
  Analyzing risk- Involves analyzing risk to develop useful information which is used while taking
  risk-decisions. Risk-decisions take into account the business relevance of risk factors.
  Maintain a risk profile- Requires maintaining an up-to-date and complete inventory of known
  threats and their attributes (e.g., expected likelihood, potential impact, and disposition), IT
  resources, capabilities, and controls as understood in the context of business products, services
  and processes to effectively monitor risk over time.

Comment: *

Name: *

Email: *

Verification: *